Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2017
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Roger Clarke **
Version of 1 March 2005
© Xamax Consultancy Pty Ltd, 2005
Available under an AEShareNet licence
This document is at http://www.rogerclarke.com/II/Vic-eDemocracy.html
The perspective that I bring to this topic is that of a consultant in eBusiness and information infrastructure, a researcher and Visiting Professor in cyberspace and eBusiness matters, and a public interest advocate. My primary affiliations are identified below.
I draw attention to a paper that I prepared on 'The Internet and Democracy' in early 2004, which was commissioned by the Australian Government Information Management Office.
I also draw attention to the abstract and slides of a presentation I offered to the Law Faculty of the University of Hong Kong in September 2004, on 'The Internet and Democracy: Has Hong Kong Left It Too Late??'.
The first decade of the open, public Internet has created great expectations of open information flows. This means that parliaments are under threat from Direct Democracy, and that Representative Democracy needs to be significantly enhanced if it is to survive unscathed.
Several direct democracy techniques can be harnessed to improve conventional democratic processes. Of especial importance is the concept of so-called 'deliberative polling'. These are fora in which discussion and analysis are conducted, and communicated to both Parliamentarians and the public. This approach enables participation, and provides voice, but the Parliament delegates no power of decision. The technique could be applied at the constituency and precinct levels, but also to functional groupings (e.g. housing, roads, human rights). Although occasional meetings of such fora need to be 'in the flesh', most of the business of such fora can be more effectively and efficiently conducted electronically.
A further concern is the failure of the eGovernment movement to extend beyond brochure-ware web-sites and transaction-based services, a major motivation for which is the transfer of effort and cost from government agencies to citizens and small business.
Many agencies continue to handle enquiries and complaints very poorly, and very slowly. Freedom of Information is still stuck in the rut of 'contested, slow and expensive access to specified documents'. Agencies must be required to structure their (electronic) document management and content management systems and policies such that all documents are scheduled for publication on the open web-site, and are only withheld while specific exemption clauses apply.
The Committee specifically requested me to address the issue of the security of eVoting systems. This was because of conflict in the evidence provided to the committee by a range of earlier witnesses.
There are two categories of eVoting, which share many characteristics, but which differ sufficiently that they are best treated separately.
Electronic support for in-booth voting has been shown to be effective in Canberra, in the form of the EVACS system. Having originated what in other countries is referred to as 'the Australian ballot', election processes and management throughout this country have always been carefully conceived, well-managed, controlled and credible. The enormous problems encountered in U.S. elections reflect the very different environment there. The debates over devices provided by Diebold and others are therefore of interest, but only of partial relevance.
It is crucial, however, that such schemes be auditable, in the various senses of prior inspection of the hardware and software, checking of the controls over the scheme's operation, post-audits of performance, and the capability to perform re-counts.
Pre-auditability is heavily dependent on inspection of the device specifications and the software, complemented by means of assurance that the approved versions of hardware and software are actually deployed in all devices.
Inspection of software may be performed in secret, by specialist contractors. There is strong evidence, however, in support of the 'many eyes' principle espoused by the open source community. Reliance on 'security through obscurity' is inadequate - increasingly large numbers of people are capable of probing software for vulnerabilities, and of applying widespread knowledge of common vulnerabilities, especially in Microsoft software, but also more generally.
For software that has been in use for some time, there may be justification in providing a grace period before publishing it as open source. Such a grace period would enable tidying and internal documentation of the code, and release of one further, stabilised version that addresses outstanding fault reports.
Post-auditability depends upon the existence of parallel streams of data generated by the vote-recording device. This is most easily conceived of as two separate streams generated by the pressing of the 'Yes, record my vote' button - one stream digital and processed by the election software; and the other separate from that software.
The separate stream could be something digital (provided that it is demonstrably independent of the election software), or mechanical, or hard-copy.
This stream is usually referred to by commentators as being a paper trail (e.g. "a computer voting machine ... prints out an ATM-style paper ballot. The voter checks the paper ballot for accuracy and then drops it into a sealed ballot box. The paper ballots are the 'official' votes and can be used for recounts, while the computer provides a quick initial tally" Scheier (2004a). See also Schneier 2004b). But a paper trail isn't strictly necessary, provided that the post-auditability principle is satisfied.
In short, the EVACS trial has attracted attention throughout the world, and for good reason. It should be extended to locations beyond the A.C.T. It may find particularly valuable applications in pre-polling, and remote polling.
The other category of eVoting permits the use of devices attached to a wide-area network. The term 'wide area network' doesn't necessarily mean 'the Internet', but that is the current focus of interest, and many people can't conceive of other alternatives; so 'Internet Voting' is used here as a working title for the topic.
Many elections have been held using Internet voting techniques. I have participated in several, for the Board of the Australian Information Industries Association (AIIA), which were run by Brisbane company Surevote (which also submitted to the Committee).
There is a substantial literature identifying the vulnerabilities to which Internet voting is subject. I am aware that the Committee has documented many of these in its reference list, so I will do no more than mention that U.S. SERVE represents an important case study, and that the names of key authors in the area include Cranor, Mercuri, Rubin, Schneier and Wagner.
Vulnerabilities exist in remote devices, in communication links, and in central software. Security was not a design requirement of the Internet protocols, and it is proving very challenging to retro-fit security features. A variety of 'add-ons', such as the widely-used SSL/TLS protocol, provide some degree of confidence in relation to some of the original vulnerabilities. New networking infrastructures, particularly wireless, have brought with them attractive functionality, but also new vulnerabilities.
Security was also not a design feature of the dominant Windows operating systems, the development tools used with Windows workstations, and the still-dominant IE web-browser. The enormous deficiencies in these dominant software suites are unlikely to ever be overcome. New operating systems on mobile devices are little better at this stage.
The existence of vulnerabilities does not automatically mean that any particular Internet voting event will be compromised. For that to happen, one or more threatening events have to coincide with one or more vulnerabilities. Accidents can be addressed with some degree of confidence. Intelligent attacks, variously by opponents, participants, insiders and 'researchers' are a far greater concern.
Internet voting is therefore entirely tenable, right now, for such events as the election of the Board-members of associations. The key characteristics that I suggest are relevant in judging whether to apply Internet voting are (a) the complexity of the election, (b) the contentiousness of the election, and (c) the breadth of the electorate.
Internet voting should be encouraged in elections that are simple, relatively uncontentious and involve a narrow electorate. Analyses need to be undertaken of the schemes' performance and security profiles, and attacks need to be carefully studied (and perhaps even encouraged). Such analyses require the development of a risk assessment framework, which identifies the wide range of factors involved. I estimate that the list comprises of the order of 25 major headings, each of which involves sub-areas that need detailed study.
The experience gleaned from such elections will enable sober assessments to be made about the advisability of applying Internet voting to elections that are complex, contentious and/or broad-electorate. I will be astonished if justifiable confidence exists in such uses of Internet Voting within the next decade.
The Victorian Parliament should instigate initiatives in the areas of enhancements to Representative Democracy, especially so-called 'deliberative polling'.
The Victorian Parliament should fund MultiMedia Victoria to extend the State's leading work in eGovernment beyond informational and transactional activities, to reach out to the residents of Victoria and thereby contribute to the emergence of eDemocracy.
The Victorian Parliament should fund the Australian Electoral Commission to trial EVACS, or some similar, open-source in-booth product, in elections in Victoria, possibly at first in specific contexts such as pre-polling or remote polling.
The Victorian Parliament should publish the information it has accumulated about Internet Voting in a readily digestible form, but should not move to adopt it in the near term.
Clarke (2004a) 'The Internet and Democracy' Australian Government Information Management Office, March 2004, also mirrored
Clarke (2004b) 'The Internet and Democracy: Has Hong Kong Left It Too Late??' Xamax Consultancy Pty Ltd, September 2004
Schneier B. (2004a) 'Voting Security' Essay, July/August 2004
Schneier B. (2004b) 'The Problem with Electronic Voting Machines' Weblog Entry, 10 Nov 2004
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Baker & McKenzie Cyberspace Law & Policy Centre at the University of N.S.W.,Visiting Professor in the E-Commerce Programme at the University of Hong Kong, and Visiting Fellow in the Department of Computer Science at the Australian National University.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 1 March 2005 - Last Amended: 1 March 2005 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/II/Vic-eDemocracy.html