My oral submission to parliament regarding Online Voting

On the 30th of July, 2015, I was able to make an in-person submission to the Justice & Elections Select Committee, which was holding a (routine) inquiry into the 2014 New Zealand general election. What follows is a rough transcript.

So, online voting!

We have people so excited about the potential online voting has for voter participation, and reducing cost, and I really do understand why that is. In the past five years especially, there has been so many pieces of software, and websites, like Xero and Trade Me, that have dramatically changed people’s lives, and shown us all a shiny future. Looking at this chart (below), the willingness to vote online seems to be building, and is especially high among people with tertiary-level qualifications. Some people even say online voting is inevitable!

Willingness to vote online in general elections in New Zealand, by highest qualification, 2009 & 2012, % of all individuals. More information:

And yet, there are people who provide seemingly extreme and dramatic positions against online voting. People that throw stones at those who are driving for it. I’ve been thinking about this, and I think I know the reason for it. It’s because we are absolutely terrified by what will happen if online voting comes to pass. We are terrified, and we don’t know how else to share and get people to understand what we see.

So, what I want to do is show you what I, as a software developer, see every day.

A few months ago, the US government got itself hacked. Again. This time, it was the Office of Personnel Management. We are talking about the data of over 20 million past, present and potential employees of the US federal government. This data includes fingerprints, and data about people with top secret clearances. The full scope still isn’t known, the US and China are still arguing about it, and as usual with these things, nobody has been caught.

Last week, the “have an affair” website Ashley Madison was hacked. Over 37 million people’s data was taken. This data includes people’s sexual fantasies. If someone had both datasets, they could combine them to get list of US government employees who could be blackmailed. I hope none of those employees are systems administrators for online voting systems.

I see a world in which basically nobody knows how to secure themselves online. I guarantee you, around this table, there are people running unpatched software on their devices. Do any of you have an Android phone? Did you know that it has recently been revealed that due to a flaw, I could send you a specially crafted image in a text message, and then I would control your phone? Did you know that this flaw affects 900 million devices, and that due to Google’s incompetence, there is no path to patching many of them? And that this isn’t even the first flaw like this to be discovered?

The hacks go on and on. Did you hear about the Jeep that got hacked last week? Hackers disabled the transmission of a car someone was driving. From their basement. Chrysler is now recalling 1.4 million vehicles.

The problem of course, is that the world I see, is our world. It’s this world.

In our world, elections are one of the most important things we ever do as a nation. And in our world, I am very grateful that we have a paper ballot system. It has its problems yes, but it is super hard to hack compared to online systems.

But in our world, New Zealand wants councils to “trial” online voting in 2016. But the results are politically binding, so it’s not a trial. These will be production systems. The chances that councils have seen the world through my lens are basically nil, and there is no way any vendor wanting to sell them online voting software is about to educate them. Vendors will in fact actively work against them, whatever government oversight is provided.

In our world, 1% of the votes from our last election came from online voting by overseas voters. Fraudulently manipulating them would not have changed the election result, the margin was too wide, although there are some question marks over the Hutt South and Auckland Central electorates. I hope by now, you can understand my fear, when I read from the website for uploading your voting documents: “The Commission cannot guarantee the security of the computers, scanners and other devices or networks used by overseas voters to upload their voting papers.”.

In our world, according to this chart, from the Household Use of ICT Survey run by Statistics New Zealand, one in 20 people aged 45–54 have been victims of online fraud, and the trend is up. Part of this is because stopping people clicking on links in emails is apparently one of the hardest problems facing our species on the internet today!

Victims of Internet fraud from home Internet use in New Zealand, by age group, 2009 & 2012, % of recent Internet users. More information:

Do you remember Jennifer Lawrence (the actress) having nude photos stolen, and thousands of New Zealanders being emailed with an attachment along the lines of ‘jennifer_lawrence_nudes.exe’? People fell over themselves clicking that link so fast that Spark’s network suffered a DDoS attack from all the newly installed malware.

Imagine on election day, everyone being emailed vote.exe.

And in fact, that is just one way that I can think of to absolutely ruin an online election. Imagine thousands of people clicking a link in an official looking email, being taken to an official looking site, where they upload the ballot (or fill it in directly), except that site is run by attackers, who take their input, bouncing it to the real site in real time. So it just feels a bit slow. Then imagine that this fake site is modifying ballots. That is possible right now, and will be in 2017 at our next election.

This is our world.

I didn’t make a recommendation at the end, I should have but they didn’t ask and I didn’t think to do so. My recommendation is that we stop the online voting for overseas voters, end the trials, and revisit this whole idea only after the science has been done to allow us to guarantee the safety of online voting.

I would like to specially thank Philip Lyth, who has been invaluable in making this submission happen. He knows the ins and outs of government, who to talk to and what to say. This would not have happened without him. I would also like to thank all the people who provided feedback and support, in particular Lillian Grace for helping with the framing, and my wife Judith, for her support.

I plan to write another post on my experience of submitting to the committee. It was nerve-wracking but I think it’s been a great life experience.