Why Can’t We Vote Online?

Voting in elections is one of those essential modern tasks that seems as though it should knuckle under to current technology trends pretty easily. We can buy anything we want online, mostly; we can view our medical records online, check our bank balances. Renew a driver’s license. So, why can’t we vote online?

The question comes apart into two pieces; firstly, what are the specific practical obstacles to creating and running an online voting system, and secondly, even if we could build such a system, would it be a good idea to do so?

Here are a few of the main practical challenges of voting online:

  1. Verification. How can we determine that a would-be voter is who they claim to be? How can we determine that this personally is legally permitted to vote, and has not already voted in this election?
  2. Security. How can we prevent an online voting system from being manipulated from the outside? Possible manipulations would include altering votes to affect an election’s outcome or perhaps just reading data to see which way individuals voted.
  3. Performance. Studies show that web users are unwilling to wait more than a few seconds to get some kind of response from a web page. Elections are one of the “spikiest” of applications, meaning that user activity is concentrated intensely during a very short timespan (though this would be less the case if the main intent was to supplement absentee balloting, which has a longer window in which to vote. Even so, activity would tend to be concentrated around the voting deadline). An online voting system would need to be built to handle potentially very high peak loads.
  4. Usability. People give up very quickly on software applications that they feel don’t work well. With a physical ballot, once a voter has gotten to a polling place, they will slog through a complex physical ballot, though they may skip all but a few races. But a web user, confronted with a page that annoys them, will typically just close the browser tab and go back to giraffe videos without a second thought.

Can We Make Voting Online Possible?

Your first reaction might be to say that modern websites already overcome all of these hurdles. Yes and no. The first two areas are more than enough to make any effort at online voting extremely challenging.

Verification

Amazon and eBay don’t care how many different accounts the same real person creates. If you want to buy things under four different user names, with four different payment methods and eleven shipping addresses, have at it. For voting, it’s essential that each individual person vote once and only once per election. As a result, there would probably need to be a verification component that was not 100% online, much like a bank sending you a PIN in the mail.

A verification system that is sufficiently rigorous is likely to deal a significant blow to usability. Again, one would need to use something like a PIN mailed to a physical address. Banks can get away with this because online banking is a service that, once set up and running, people will use almost every day. People may be less motivated to wade through a complicated verification process for what is essentially a one-time interaction. The convenience edge of online voting would dissipate in a hurry if the verification process was remotely as complex as, say, renewing a driver’s license. A verification system that is sufficiently rigorous is likely to deal a significant blow to usability.

Security

As challenging as verification is, the challenge pales beside the issue of security. When you’re online, the whole world can see you. As a result, public online systems have to be secure from any hacker anywhere in the world. This includes international mafias, and it also includes nation-states. Performance and usability, on the other hand, are reasonably well-solved problems. An online voting system, especially one working at the state or county level, wouldn’t require major advances in either of these areas.

With enough dollars and expertise, any system on earth can probably be hacked. The reverse isn’t true — no amount of dollars or expertise can make the fundamental plumbing of the worldwide internet — technologies such as SSL, and TCP/IP itself — secure. These technologies were designed for use within academia, an essentially open world. These technologies weren’t designed to protect things as fundamental as core democratic processes, from possible interference by determined, malicious enemies the size of nation-states. The designers of these protocols would probably laugh at the idea. Technologies like IPv6 could mitigate some of these concerns, but adoption has been slow.

A Tough Combination

Online voting presents an almost unique challenge: voting requires strong identity verification so that votes only come from legitimate voters, and each voter can only vote once. However, voting also requires strong protection for anonymity so that a given vote cannot be traced back to the voter who cast it.

“Analog” voting solves both of these problems well: a ballot is prepared for you and you alone, but once you vote the ballot, a top tab with your identifying information is torn off and discarded, and the vote becomes anonymous. This is a physical process that an in-person voter can see happening. (Absentee voters need to take it on faith.)

In contrast, Internet applications that offer high security offer zero anonymity. My Amazon and online banking systems know exactly who I am and track and store records of all my activity. An online voting system would somehow need to anonymize votes once they’ve been cast. And how to replicate the security of a process where an individual voter, in person, sees a ballot physically anonymized? We would have to trust that an online voting system would do this. We could have people audit the systems for compliance, but who chooses the auditors? We end up with a who-will-guard-the-guardians conundrum. Which leads to a final consideration, discussed in the next section.

Should We Vote Online?

Suppose for a second that we can overcome the hurdles just discussed. Are there any reasons that, even if an online voting system CAN be built, that perhaps it should not? Perhaps the best argument against online voting systems comes from the technical sector itself, where giants like Apple, Microsoft, and Google exert tremendous control over speech and culture simply by their control of the networks and software over which so many people communicate today.

Apple can influence what songs we buy. Google tells us which web pages are worthy of our consideration. Networked computer systems are used by millions but are built, maintained, and controlled by much smaller numbers of people. The people in control have almost unfettered access to manipulate the software we use as well as an ability to go in through “back doors” that they may have deliberately built into the system.

It’s axiomatic that every system has a superuser, a person, or persons who have unlimited privileges in the system. It’s generally accepted that superuser access is necessary for administration and troubleshooting. But superusers, who are generally few in number, with unknown identities, have extraordinary control over systems and can cause extraordinary damage. So an online voting system would not only be vulnerable to subversion from outside but would also be vulnerable to subversion or misuse from within.

Additional Resources

Further Reading

2 thoughts on “Why Can’t We Vote Online?”

    1. Hi Taylor: Estonia does indeed allow online voting. It’s a a great example since it highlights so many of the inherent challenges. On the one hand there have been critiques, some of them severe, of the Estonian system’s security. On other hand, defenders have condemned those critiques as politically motivated. Given Russian’s known ability to disrupt Estonian networks, I’d be inclined to be worried.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top