Tech tiptoes into the voting process
- By Derek Major
- Mar 23, 2016
While the country is probably still a long way from online voting, some states are testing the waters and building technology into election-related processes.
For the 2016 presidential election, Ohio will incorporate a common data format in its election management systems that will help election officials quickly and accurately collect election data from precincts with non-interoperable election management systems, and then quickly release that information to the public and news outlets. It’s hoped that the common formats will reduce the opportunities for error on election nights, when deadlines are tight and pressure for results is keen.
Ohio’s changes are based on the methods outlined in the National Institute of Standards and Technology’s special publication: A Common Data Format for Election Results Reporting.
The report specifies a common format for pre- and post-election data that allows election offices to report on data known ahead of the election (such as detailed ballot information), on election-night data and then during the post-election phase as updates and final results are compiled, according to a report in the NIST newsletter.
To create the data specification, NIST and a group of election officials, analysts and voting system manufacturers investigated reporting scenarios, as well as existing and emerging voting systems across the county.
Following the NIST guidelines should not only improve the handling of results from elections but also allow Ohio election officials to analyze the different types of ballots and actual voting systems used at polling places. It's hoped the changes will also help to identify errors typically made on ballots by voters.
While Ohio is taking a data-based approach to improving its voting systems, some voters in Utah tried out actual online voting. Utah’s Republican party hired Smartmatic to give would-be caucus-goers the option of casting their ballot online instead of traveling to a physical caucus location on March 22. The online option seemed popular as 59,000 Utah republicans registered online, according to a report in Wired. Unfortunately, some online voters had trouble casting their online ballots, the Deseret News reported.
State GOP chairman James Evans dismissed security concerns over online voting and told Wired that “as a private political party, the Utah GOP isn’t held to the same security standards as the government.”
However, other states have tried online voting and had little success meeting basic security standards. In 2010, Washington, D.C.'s Digital Vote by Mail system was hacked during its one-week trial. And in Florida, hackers apparently created a program to send spam ballot requests into the absentee-ballot system.
Many believe that no matter how strong companies like Smartmatic make their security, it’s impossible to secure votes across the hardware and networks that would make up an electronic voting system.
Email voting is vulnerable to attack because email headers can be easily forged, email does not use end-to-end encryption and it does not offer reliable authentication methods, according to David Jefferson, computer scientist in the Lawrence Livermore’s Center for Applied Scientific Computing who has studied electronic voting and security for more than 15 years. Emails can also be manipulated in transit by IT personnel who control its path. Malware can also be injected into receiving vote servers, he said.
Plus, “Internet elections are essentially impossible to audit,” Jefferson said. “The only vote records are on the server, and they are highly processed electronic ballot images that have been operated on by millions of lines of code on the client device, during transit through the Internet and on the server and canvass systems.”
So far, the best models for secure Internet voting are called end-to-end auditable cryptographic protocols, and they are still in the research and development phase, he said.
Derek Major is a former reporter for GCN.