On Monday, Iowa’s Democratic Party released for public comment its plan for 2020’s presidential caucus, including the most details yet about having Iowans take part from home or anywhere else via landline phones or their digital devices in “virtual caucuses.”
The Iowa 2020 Delegate Selection Plan envisions five days of early virtual voting in allotted time slots starting on January 29, and ending with a sixth virtual caucus on the night of February 3, when Iowans physically convene at 1,679 precincts to vote in rounds for their presidential nominee.
The electronic caucuses will use a ranked-choice ballot, where participants select their top five presidential choices. Virtual voters must pre-register, the plan said. Iowa’s four congressional districts will be treated as electronic precincts, it said. The results from February 3rd’s 1,679 caucus sites also “will be tabulated electronically and sent securely to the State Party.”
Introducing virtual caucuses in Iowa could be the biggest change in 50 years in the Democratic Party’s opening presidential contest. While the technical and logistical details have yet to be worked out by the Iowa Democratic Party, and must be approved by the Democratic National Committee, their motive and goal is clear. The party is seeking to increase participation and inclusivity as the electorate’s demographics are changing—from aging baby boomers to generations of younger tech-savvy voters. That backdrop has placed tremendous pressure on traditional political organizing, prompting Democrats to conclude they must use new tools like virtual voting.
Kevin Geiken, Iowa party executive director, has said that online voting could prompt 100,000 more voters than 2016’s caucuses where 171,500 Iowans turned out. (The DNC’s 2020 rules also require Iowa to offer same-day registration at precinct caucuses for any eligible voter.)
But the prospect of virtual caucuses poses serious and timely questions: Can digital technology, let alone internet-based processes, be trusted for such a high-stakes event? Indeed, can online voting be verifiably depended upon?
Critics have said for years that online voting can never be secured from hacking and can never be trusted, a stance they hold today. Nonetheless, technology firms — from U.S. start-ups to global companies — have been running domestic online voting trials for several years, and even longer in municipal and provincial elections in Canada, where there are auditing requirements. It has also been used for national elections abroad, such as in Estonia, where it has been an option for voters since 2005, and successive elections have seen steadily growing use and acceptance.
The diverging assessments point to a giant below-the-radar fight over the current state and future of online voting in America. While entrepreneurs are pushing ahead and are poised to help the Iowa party show that voting from digital devices is possible, they face opponents who have worked for years to warn against online voting. Their opposition has been led by computer scientists centered around the advocacy group Verified Voting.
As one longtime critic said in exasperation in a background interview, Iowa’s pursuit of online voting would be inviting the Republican National Committee and Russian intelligence agents to hack the 2020 caucuses and ensure that the weakest nominee was its reported winner. Didn’t any Democrat making decisions about 2020 hear the recent Senate testimony by the country’s top intelligence officer that almost everything in America tied to the internet was at risk, they pointedly asked.
There’s still a long way to go before a yet-to-be-determined mix of online or landline phone voting becomes a reality in 2020’s Democratic presidential caucuses. It may end up that states will not have the time nor the resources to implement online voting in 2020 — despite current intentions like Iowa’s delegate selection plan for the Democratic National Convention.
Is voting from digital devices as wholly insecure and untrustworthy, as its opponents declare? Or, are their fears mostly theoretical? Is incremental progress being made that suggests that trustable online voting is closer to reality than its critics want to acknowledge?
New technology, old questions
Online and telephone voting has not appeared out of nowhere, although landline telephone voting, while used in Canadian municipal elections, is being phased out while using digital devices to vote, especially smartphones and tablets (which are more secure than laptops), is increasing in the U.S., Canada and abroad.
Since 2004, internet-based techniques have helped American soldiers and civilians overseas to vote—a very limited use in governmental elections. More recently, a few state-based political parties have used varieties of online voting for their party-run contests, such as in Utah, Arizona and Massachusetts. Earlier this month, Michigan Democrats held their state convention and used a tablet-based voting system. These pilots and trials have generally seen several hundred to several thousand voters. What Iowa might do would be on a larger scale with higher stakes.
Hovering above this landscape is a basic question: Can online voting be trustworthy and verifiable?
This question is not as simply answered in 2019 as it might have been a decade ago, as domestic start-ups and global firms have developed online voting systems using a mix of emerging technologies, including cutting-edge encryption, data storage and biometrics to address cybersecurity and voter authentication.
These developers say online voting may not be perfect, but neither is paper-ballot voting. They are tackling concrete challenges and evolving like any emerging technology, they say. However, they say that they face critics seeking to kill their industry by putting a scientific glaze on fear-based attacks, while demanding online voting meet technical standards that no voting system—paper-based or not—can satisfy.
“The recommendations are hard to dispute, but, to me, the requirements outlined are so stringent they may be impossible to meet,” wrote John Patrick, a former V.P. of Internet Technology at IBM and early evangelist for the web, in his 2016 book, "Election Attitude: How Internet Voting Leads to a Stronger Democracy." “The opponents are only willing to compare internet voting to a perfect system that we will never have, rather than compare it to the 150-year-old much less perfect system we currently have.”
Patrick’s book is detailed and favors online voting. He highlights an ongoing effort by a cadre of academics, computer scientists and others to influence government policy recommendations to discredit even the prospect of online voting. A telling example cites a detailed 2015 report from the U.S. Vote Foundation, “The Future of Voting: End-to-End Verifiable Internet Voting,” that sought to pre-empt technologies now being tested in West Virginia’s pilot for overseas military and civilian voters.
“A typical report of this nature would include recommendations grounded in reality, mitigating alternatives, and recommendations to overcome the challenges,” he said. “The technical team and advisory council for the project consist of 19 members. Although the organizations are separate, eight members of the U.S. Vote Foundation were board members or advisory board members at Verified Voting.”
Verified Voting is the computer scientist-led advocacy group that has long said online voting cannot be secured or trusted. It originated in the early 2000s after Congress spent nearly $4 billion to help states buy all-electronic voting systems that became known for opaque features such as an inability to verify counts, software kept hidden as trade secrets and few cybersecurity precautions. Verified Voting’s criticism of these older systems, part of a larger chorus, has been validated. Most states are now returning to voting systems built around auditable paper ballots.
The group has also aggressively worked to stop online voting — issuing papers that cite their previous work or government reports that they successfully influenced. For example, the hard lines laid out in the 2015 report that Patrick cited are echoed in a post-2016 election study by the National Academy of Sciences and recur in a shorter 2018 paper by David Jefferson, a Verified Voting board member and Lawrence Livermore National Laboratory scientist. In all these instances, experts connected to Verified Voting have obtained language in reports or said outright that pivotal new technologies are tantamount to snake oil.
Seen broadly, they contend that no voter, no election official nor voting technology firm can be certain that any of their computers, devices, hardware, software and programming can be free of malicious code that could be secretly activated to alter reported election outcomes. This threat is especially true of anything touching the internet, and includes attacks impeding or penetrating digital infrastructure. As such, the prospect of online voting violates their convictions and expertise.
Strategic opposition, evolving progress
Most recently and specifically, Verified Voting has strategically sought to impugn advances that could become building blocks of secure online voting systems. These technologies are using biometrics (facial scans and fingerprints) to confirm identity and blockchains as a virtual ballot box. Blockchains encrypt and dispense data over multiple distributed ledgers, where any changes in underlying voting data would not be possible. In notable cases, they have put their authority ahead of facts to debunk developments.
In the “expert statements” appending the 2015 report cited by Patrick, Jefferson wrote:
“Many people have suggested voter authentication systems based on biometrics such as fingerprints or retinal scans. For very good reasons too numerous to fully explain here none of these mechanisms is suitable for online voting. And it is important to note that while some mobile phones and tablets have fingerprint authentication devices built in, such systems authenticate the user to the device only. They do not authenticate the user to any remote service over the Internet, nor can they easily be extended to do so securely.”
Beyond stating a conclusion about biometrics without evidence — “reasons too numerous to fully explain here” — this assertion isn’t correct. If biometric security were as weak as stated, the FBI would not have hired an Israeli firm to hack into iPhones after Apple repeatedly refused to unlock them in 2015 and 2016 following mass shooting incidents. (In 2013, Apple was the first company to introduce biometrics to a widely marketed consumer device via fingerprint authentication. Facial recognition soon followed.)
In October 2018, Verified Voting issued a short paper by Jefferson targeting blockchains. A blockchain is a relatively new way of securing data by encrypting it and distributing fragments on a series of independent servers connected by the internet that are constantly checking to see if underlying information has been altered. Blockchains are best known as the basis for cryptocurrencies such as Bitcoin. They have been vetted by the National Institute of Standards and Technology and are being globally adopted by financial institutions because of the underlying security architecture. In online voting, blockchains would function as an electronic ballot box — a prospect Verified Voting rejects.
“Any kind of Internet voting, with or without blockchains, serves as an invitation to hackers, political partisans, and international rivals to attempt to remotely and silently suppress or change votes, putting a thumb on the political scale in favor of their goals instead of the electorate,” Jefferson wrote in “The Myth of ‘Secure’ Blockchain Voting.”
Blockchains are replacing an earlier and much less secure generation of internet-based voting procedures, such as emailing soldiers overseas a ballot as a PDF document, to be filled out and returned online or via postal mail. Last fall in the second phase of a West Virginia pilot project, blockchains were used in conjunction with biometrics to verify whoever is getting an online ballot was who they said they were, was a legally registered voter, and had voted only once. The app from the start-up Voatz also allowed voters to view and verify their vote after their ballot was encrypted on the blockchain, and to dispute or update it until the close of voting.
More specifically, Voatz used 32 servers split between two cloud companies and in four locations. The servers ran widely used open-source blockchain software originally from IBM. Voters first had to submit a state-issued photo ID and then a “video selfie” that had to match their ID photo before getting a ballot. After voting, they added a fingerprint or another video to submit their votes. These steps are more rigorous than in-person voting at precincts.
The ballot then went to the blockchain, with an email copy to the voter and to state election officials for auditing. Voters could change their vote — one did. On Election Day, county election officials opened the blockchain record to print a paper ballot, which was scanned and counted with other paper ballots. Last fall, 144 voters from 30 countries voted this way.
Nonetheless, Jefferson claimed that the use of blockchains as a ballot box wasn’t good enough because they were part of an overall system that could not be perfectly secured — a dodge. “Blockchains cannot deliver the security guarantees required for safe online elections,” he said. “The summary is simple: most of the serious vulnerabilities threaten the integrity and secrecy of voting before the ballots ever reach the blockchain.”
Returning to the prospect of online voting in Iowa’s 2020 caucuses, the computer scientist who feared doing so would invite hacking by the RNC or Kremlin labeled Voatz’s pilot a sham. They dismissively said that there was no way of knowing if the overseas votes had been hacked or if its reported results were correct.
They were asked, how would anyone know if a digital device had been infected by malware or if votes had been secretly changed? No one would likely know, they replied, because hackers can make something appear on one screen and still change underlying data that was stored or tabulated elsewhere. In sum, they said that you could not prove that anything happened; you could not prove that anything did not happen; and you couldn’t even say that it might not happen in the future.
Is online voting a doorway to an era of perfect election crimes — starting with the RNC or the Kremlin helping to re-elect President Trump? Or, is this logical construction a trap that prevents evolution in election technology? Is this a black-or-white issue? Or, are the realities surrounding online voting in 2019 in flux, and more accurately depicted in shades of gray?
The counterpoint and Iowa 2020
On the other side of this fray are not the usual suspects in the voting wars — election industry heavyweights whom anti-computer voting activists have abhorred for inundating states with shoddy and opaque electronics after 2000’s election. (That pattern continues today in states like Georgia.) Today’s online voting developers, technologists and their advocates have come from successful Silicon Valley experts, including people who left top jobs and spent years creating start-ups including what’s arguably the most transparent and granular vote-count audit system in America. If anything, they want to put these behemoths out of business and introduce more accessible and accountable elections.
The developers of online voting say their opponents’ arguments are structured like this: We’re so smart; believe us. Elections are one-time events deserving rigorous security beyond anything in e-commerce. And they will tout their academic credentials ahead of evidence. In short, they’re bullies. As one online voting consultant put it, sighing, “As Christopher Hitchens said, ‘That which can be advanced without evidence can be dismissed without evidence.’”
That summation, while striking, is not the full story. Verified Voting has long called on technology firms, non-profits and foreign governments involved in online voting to turn over their software to be independently examined for hacking vulnerabilities. (Switzerland recently announced a “hacker test” for its online voting system.) But in several notable cases where the developers have done so, such as in 2010 in the District of Columbia (when passwords were found to be lacking) or in 2013 in Estonia (where opponents said their national system couldn’t withstand foreign attacks), academics associated with Verified Voting issued sensational reports to the media — rather than collaborate on solutions. Patrick’s 2016 book recounts these incidents.
In 2016, a student of the computer scientist leading those 2010 and 2013 gambits, the University of Michigan’s Alex Halderman, tried to undermine an online voting trial in Utah. The student put up a fake website to lure and frustrate voters in GOP caucuses, Patrick reported. A computer scientist with direct knowledge of that episode confirmed it, calling it a white hat — good guy — effort. Better Americans than Russians, they argued, adding that if this reporter suggested anything positive about online voting that it would be akin to selling snake oil to naïve Democrats in Iowa and Washington.
This vehement divide may soon break into the open as caucus states like Iowa work with voting technology firms to institute the 2020 system that fits their state’s unique protocols and the DNC vets the details later this spring.
These developments highlight the importance of understanding strengths and weaknesses of online voting, and the experience of the early deployments. As the Independent Media Institute has reported, online participation in Republican caucuses in 2016 and 2018 in Utah were marred by technical glitches and voter errors — offering valuable lessons. On the other hand, online voting in party caucuses and conventions in Arizona, Michigan and Massachusetts has gone well, participants said.
But the realities and challenges facing online voting in 2019 are not the same as a decade or even a few years ago. The Democrats are grappling with the biggest challenge in elections — how to boost participation in a changing electorate when tens of millions of eligible citizens do not vote.
There may be an overriding reason why online voting opponents fear the newest advances and West Virginia’s small online voting pilot — in a state where historically low voter turnout persists. As Nelson Mandela, Pliny the Elder, Daniel Wilson, Elbert Anderson Young, Robert H. Goddard, Robert Heinlein, Norton Juster and Paul Eldridge allreportedly have said with slight variations, “It always seems impossible until it is done.”