I’m very honored and privileged to be part of the iVote Advisory Committee to Lt. Gov. Spencer Cox. This committee has a lot of smart people putting their minds towards considering all of the implications of expanding voting to be as convenient as pulling out a smartphone. I know several of the members personally, several by reputation, and several not at all, but from our first discussion, I feel confident that we’ll end up providing some very smart feedback that considers the full implications of turning personal connected devices into polling locations. My primary interest is in the security aspects of such a system.
The first and most important ground rule is to make it clear that there is no such thing as “secure”. All systems of voting will come with inherit risks and ways to game or compromise the system. This includes our current systems of polling places and balloting by mail. The challenge in evaluating online voting systems will be to create a system that is at least as secure as current methods.
In evaluating the attack potential of a target, you have to consider its value. As committee member Phil Windley has pointed out, value calculations on elections are very different than they are on business processes and property. A business figures that there is a cost of getting compromised in lost property or information, reputation, and damages. How would you determine the value of a compromised election? And if an election is compromised, how do you determine the “damages”? Doing this kind of quantitative analysis is very tricky. In fact, it may not even be possible. This may be a reason why Phil doesn’t believe online voting to be a particularly good idea despite the appeal.
I don’t hold the same level of pessimism, though I am glad that Phil is around to bring us back down to earth if we start getting a little too lofty. I believe that with proper technical and administrative controls, we can create a secure and robust system of online voting suitable for mass adoption. It’s only going to work, though, if we have a lot of eyeballs on it.
This is where you come in.
What all of us on the committee need is your feedback. You will think of things we won’t. Ways to include more people. Ways to compromise the system. Despite working with a lot of smart people, we don’t have a monopoly on good ideas.
Over the next several weeks, I’m going to share thoughts on securing various aspects of an online voting system, what potential risks are involved, and how those risks compare to the current system. If you’re familiar with CISSP domains, I’m going to try breaking the risks out into those subject areas. Help me make sure we don’t miss anything.