EVoting (or where the wild things are)

new_luddite11I do feel like Max sometimes. Sent to bed after making mischief in his wolf suit. Or as one commenter once said to me “You wear your ignorance on your head like a multi-coloured hat!” And so it was I entered the debate, quite innocently, on whether we should be engaging in EVoting or not.

I waded into to support it to then suffer the slings and arrows of rampaging wild things who sought to put me back on my boat and send me back to the real world, no King of the Wild Things for me.

The hysteria has been substantial with EVoting dangers being compared to the Ashley Madison hack and the Death Star. The Dominion Post wrote an ill-informed opinion piece on it as well, though they have no love for the Wellington City Council.

This rolled into a long debate on the NBR (currently pay walled) on who was right and who was wrong, but I feel that my point was somewhat missed. So I’m going to spell it out again, hopefully not wearing my patented Wolf Suit.

New Zealand has a strong entrepreneur spirit. We see this all through our brief history. Making things work with number eight wire being the old cliche that otherwise would be stuffed. We also have a very strong adventuring spirit, climbing the world’s tallest mountains, around the world yacht racing, exploring, all of us having undertaken at least one overseas experience. We have a high-degree of tech savvy experts spread in a small community from the commercial giants like Xero to the Department of Internal Affair’s Identity experts who travel the globe advising others on the discipline.

So when presented with EVoting, why on earth are we not seeing it as an opportunity to show that spirit again rather than garner fear by pointing out some imaginary boogie man that is possibly hiding under the bed just waiting to eat us?

It is my opinion that there is a thread of culture in the New Zealand ICT Industry, appearing usually in government, that is about saying “No! You may not! We are experts and you are wrong!” rather than seeing the opportunity in a risk and finding a solution. Maybe it was this culture that we saw in the last two weeks.

“But but but!” they bluster, “Look at all the privacy failures in Government in the last three years?” Yes, privacy failures, not hacks, all as a result of poor business practice, not technology, that has led to a virtual gravy train for security consultants.

The lobbyists against appeared to be a well-organised and connected group of IT experts. Their motivation for scaring some Councils into rejecting EVoting is a disappointment. They have set those Councils who have said no to EVoting back years in that respect. It will be twice as hard to make the decision for, next time.

And for what? Unspecified, unqualified, risks. The Ashley Madison hack, the Sony hack, the Death Star vulnerability (yes really), and a list of other scary hacks. If all those things can be hacked then so can EVoting, by some “foreign actor” perhaps, a communist, the NSA, or other agent of destruction.

They did not assess the risk of EVoting (a system which has not been built here yet) against the current paper system. “One person could vote for everyone in their household!” said one. Yes, and one person could fill in all the paper forms as well.

They found a list of places where EVoting had “FAILED” rather than acknowledging the fact that in all those cases, local and central governments had tried. They didn’t want us to try. They just wanted us to not do it.

We have our medical information online, we have our passports online, we have RealMe, we manage our companies online, we have our banking online, defence systems, MSD, ACC, I can manage my tax online, all our social media information, we are online. 

The price of that is that sometimes it doesn’t work, and you will note, that there are controls in place to mitigate it, particularly by financial institutions.

If we believe the those against then we should disconnect those services because the risk is too high by their argument. We should simply detach them from them world.

While I judge the DIA efforts harshly from time to time, their end goal is brilliant. The ability for citizens to digitally connect to government, the ability for data to be open so we can create new services, the ability to share sensitive information to protect our most vulnerable.

No system is truly secure.

What makes a local body election vote any different from those deeply personal pieces of information? The threat apparently, that some nefarious entity will be able to alter the outcome of the elections.

Let’s look at that for a moment. Who would bother? Why would anyone be interested in hacking the results of an election result in a city the size of Wellington? Don’t they think we would know when suddenly all the local Councillors and Mayor are replaced with what, fourteen developers?

Can you imagine the sheer cost of trying to do that along with the connections to those nefarious groups? It would be cheaper to pour money into a local election and win it that way. Far cheaper. After all, local body elections are often about name recognition.

Will it increase voting? We won’t know unless we trial it.

Can we make it adequately secure? We won’t know unless we try.

This trial will be overseen by the DIA. You will not be forced to participate, it will be your choice, as is any vote. If the DIA can’t build a secure system by the next local body election, it won’t happen. Checks, controls, and the oversight of election bodies will be strong.

Here’s hoping that when DIA puts together the team to attempt this they weed out the luddites. Otherwise it will be destroyed from within.

New Zealand has long been a test bed for new technology, consider we had the first ATM’s in the world. Some of the first digital telephony. In Telecom we had Advanced Solutions that came up with a number of projects partnering with international companies that produced some amazing results.

If we don’t trial it, we’ll never know.

We need to remember that we are a country of innovators, we don’t give up easily, we test, break, refine, and we lead the world (or used to).

We shouldn’t be spending this massive amount of time under the auspices of being an “IT Expert” to scare people into stasis. We should be spending that time and energy on figuring out how we can make it work.

And if we fail, at least we can say we attempted it.


  1. Ian, being castigated as naughty wolf suit Max or worse will be a familiar role to those who deign to question that the debate or the science is settled!

    Interestingly a recent Innocentive challenge (http://www.innocentive.com/blog/2015/07/03/seeker-spotlight-votem-join-the-mobile-voting-revolution/) which finished last month, was offering US$230,000 to provide architectural solutions that solve the three main e-voting obstacles: security, identification/authentication, and accuracy and verifiability.

    More generally, one of the biggest issues with electronic security is ‘inequitable theoretical vs practical risk’. As an example, unsecured electronic mail is a massive theoretical risk, yet is clearly an acceptable practical risk from peoples’ actions, such as being used by tens of thousands of lawyers worldwide to send contracts etc. Actually the same goes for postal mail (including sending voting papers), which can sit for days in an unsecured residential mail box. Yet for e-voting there are proven, potential verification methods like automatic callback to personal cell phones, plus machine learning methods that could quickly identify suspect voting patterns, which could be investigated before associated votes are confirmed. For the rest, electronic booths could be provided, situated in post shops or wherever. So it really shouldn’t be that hard to develop a system that is lower risk than current paper voting, which in some respects seems remarkably insecure.

  2. Further – Having read through the highly critical audit of the Estonian e-voting system (https://jhalderm.com/pub/papers/ivoting-ccs14.pdf), there is nothing technical there that strikes me as insurmountable. Most of the problems identified were generic security ones, rather than being specific to e-voting, mostly to do with security awareness and ‘culture’. To address this an NZ e-voting ‘authority’ would need to be run with a similar security mindset and understanding as our passports service and most likely closely monitored by GCSB. In any case, with regards ‘inequitable theoretical vs practical risk’, the audit report is effectively one sided as there was no comparative analysis of the Estonian ‘paper’ based voting system, so whose to say that similar risks don’t exist there.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: