Go to the profile of Dan Auerbach
Dan Auerbach
Interested in fairness, transparency, security, large data sets, social interactions.

Online Voting Is The Only Rational Kind of Voting So Let’s Soften Security Requirements and Make It Happen

In the information security and privacy community, it is commonplace to take the position that online voting is a non-starter for important elections. I won’t go into details here, but the problems are myriad: strong authentication is extremely difficult, Internet-connected systems are quite vulnerable to many different types of attacks, and so forth. And it’s true that if the goal is to minimize the amount of fraudulent, missing or altered votes, then old-fashioned paper ballots — while by no means a panacea against fraud — are vastly superior to a networked, computerized voting system.

A Different Evaluation Criterion For Voting Systems

But let’s pause and think harder about this issue.

The implicit premise of all the papers and discussions I’ve seen when discussing the security of electronic or online voting systems is that the goal of a voting system is to ensure every vote is properly counted and maximally resistant to fraud. This is a natural lens through which to view the world as an information security engineer, but I would like to challenge it and instead suggest that the goal of a voting system is to best approximate the will of the voters.

In the world of information security, the starting premise is that every vote counts and that we need to maximally guard against the possibility of any votes being altered. This is often a great mathematical framework to study in, and leads to interesting theoretical conclusions that will help us build better voting systems in the future. I don’t want to get rid of thinking about the problem in this framework, merely to suggest that there are other ways to think about it too.

In real elections there are rounding errors everywhere: incorrectly filled out ballots due to user error, people who are ill the day of the election and aren’t able to vote, mailed in votes that are lost in the mail. The plain ugly fact is that individual votes don’t matter in light of these rounding errors. Instead, we can re-frame the problem as a statistical one: how can we minimize fraud to ensure that, as far as rounding errors go, fraud is unlikely to change the outcome of an election? We could even flag close or suspicious elections as undecided, and move to a more secure election system in that scenario. When viewed through that lens, online voting no longer seems (to me, at least) to be quite as Sisyphean a task. We do not need to count every single vote correctly, we just need to pick the right outcome with a high likelihood.

Online voting makes voting (more) rational

Let’s get back to the original choice: online voting or paper ballots? Measured against the primary goal of accurately expressing the will of the people, I think it’s entirely plausible that a not-terribly-secure online voting scheme could represent a superior system to a more secure ballot-based system.

To understand how that could be, it’s important to emphasize that voting is a (minor) burden. In the United States, we might estimate that it takes 1–2 hours of time on average to vote in a general election: to commute, to fill out your take home paper ballot, etc. Given that time commitment, it’s mathematically irrational to put much energy or effort into voting. Your vote doesn’t matter, as single votes are well within the margin of a rounding error. Moreover it’s the least meaningful thing you can do to influence an election. If you want to have an impact, then give money, cold call people, canvas neighborhoods, sign up for voter outreach programs. Heck, even on election day, it’s probably better to spend that hour of time getting other people to vote instead of bothering to vote yourself.

The idea that individual voting matters little — realistically it matters some tiny delta that is basically zero — seems hard to grok. I think that’s partly because in the United States we’ve been democracy-brainwashed since youth to think of voting a sacred act and privilege, and alarm bells naturally ring when this idea is under attack. As a society, we’ve made it seem and feel like a big action. There are lots of standard replies to this, the most predictable one (you might be thinking it right now) being:

“Well what if everyone thought that voting was irrational. Then nobody would vote!”

I never really understand this as a retort. As natural and attractive it might be to think of myself as the center of the universe with powers to change others’ actions via mysterious collective consciousness witchcraft, thinking in this way when it comes to collective action is a fallacy. In reality, your actions simply do NOT influence others except by the usual means: talking to them, writing blog posts, wet willies, and so on. If every person reads this article, finds it extraordinarily convincing (ha!), and polls show that no-one is going to vote, then it will be rational to vote. Put succinctly, we choose our actions and measure their significance against the backdrop of what we believe or know — roughly, statistically — others are going to do.

OK so voting is not a big deal. But maybe you’re not convinced it has zero value. It must have some, even if it’s infinitesimal, right? Or maybe you just aren’t compelled and think individual votes have value. So why not just do it? What’s the barrier to voting after all?

The only significant barrier in the broadest sense is that it takes 1–2 hours (author’s side note: I’m oversimplifying as there are lots of barriers for lots of people, everything from not being able to leave work to state laws designed to disenfranchise African-Americans. These issues are important, just not the topic of this post). If voting took 1–2 minutes, there would be a lot less friction.

And I think now that you finally see how all of this ties together. If we had online voting, the act of voting would be easier and take less time, hence be more rational for voter, hence our voting system would be a more accurate expression of the will of the people.

So to the information security community, I will make this plea: stop considering the issue (only) through the lens that every vote matters, and being snarky and dismissive of the possibility as a result. We do not need an online voting system to be held to such a high security standard, we just need it to be good enough.