Home / Blogs

Making Voting Easy is Scaring the Life Out of Security Experts

Dr. John R. Patrick

Apollo 11 was the spaceflight which landed the first two humans on the Moon. Commander Neil Armstrong and lunar module pilot Buzz Aldrin landed the Apollo Lunar Module, Eagle, on July 20, 1969. Armstrong became the first person to step onto the lunar surface six hours later, and Aldrin joined him 19 minutes later. The two astronauts spent about two and a quarter hours outside the spacecraft, and they collected 47.5 pounds of lunar material to bring back. Command module pilot Michael Collins flew the command module, Columbia, alone in lunar orbit while Armstrong and Aldrin were on the Moon's surface. Armstrong and Aldrin spent 21.5 hours on the lunar surface before rejoining Columbia in lunar orbit, and then returning to Earth. The documentary movie was fantastic and included never before seen footage.

I was two years out of engineering school at the time of the historic flight. Although I was not involved in any way, my employer, IBM, was one of the lead contractors. I was proud of that, but I remember being on the edge of my chair in fear. There were so many things which could go wrong. Imagine being strapped in on top of a three-stage rocket. The first stage was 138 feet tall, 33 feet in diameter, and full of liquid oxygen. The first stage provided over 7,600,000 pounds of thrust. While I was in fear, the three astronauts were fearless. They believed in the technology.

Speaking of fear, this week, the Los Angeles Times published "The vote-by-phone tech trend is scaring the life out of security experts". Vote-by-phone (and Internet voting) has been tested successfully by West Virginia and others. Estonia has been using it for more than a decade without issues. Vint Cerf, one of the fathers of the Internet, properly said, "We can do this." But the security experts are afraid like I was about Apollo 11 in 1969. It almost seems they enjoy being quoted in the press about all the things which could go wrong. We could put men on the Moon 50 years ago and a robot on Mars more recently, but we can't figure out how to vote electronically with security, privacy, and verifiability? Why aren't the "experts" willing to say we could do it if we planned carefully and took precautions A, B, and C?

The bottom line reason, in my view, is the experts compare Internet voting to a perfect online system which we will never ever have, and they are unwilling to compare it to the 150-year-old paper-based system of today which disenfranchises millions of voters. This morning, Axios reported the 2020 election turnout might be the biggest of all times. I am afraid. What I am afraid of is hours-long lines, broken 15-year-old voting machines, elderly people standing in line in inclement weather and damaging their health, ballots from overseas getting lost in the mail or arriving late and not counted, paper ballots in the U.S. not getting counted because something was wrong with the signature on the outer envelope, and thousands (or millions) of others who were unable to get to the polls due to last minute issues with work or family. When it comes to voting, we should worry about Russian attempts to influence us, but we should also worry about a repeat of 2016 when 100 million eligible voters did not vote because they could not get to the polls. Congressmen, afraid of technology, want to go to all paper rather than fund investments in technology, as we do for NASA, to strengthen our democracy in a way which makes it safe and convenient for American citizens.

"Silicon Valley is having some success in a crusade for voting by phone. Computer security experts are aghast to see election officials signing on." (LA Times / MAY 16, 2019)

By Dr. John R. Patrick, President of Attitude LLC – Worked at IBM for 35 years. VP of Internet Technology from 1995 to 2001. e-tired at end of 2001. Author of five books including Election Attitude – How Internet Voting Leads to a Stronger Democracy (2016). Founding member of W3C at MIT in 1994. Fellow of the IEEE. Member of board at Keeeb, Inc. and OCLC, Inc. Holds degrees in electrical engineering, management, law, and health administration. Website and blog at johnpatrick.comVisit Page
Follow CircleID on
Related topics: Cybersecurity, Mobile Internet
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

There are no tech fixes here Anthony Rutkowski  –  May 24, 2019 10:44 PM PDT

As someone who was an engineer who was actually part of the Apollo 11 Launch Team in the LC39 LCC Firing Room, might I suggest that: 1) the engineering and operations teams had reduced the risks to reasonably low levels by that time, and 2) the voting use case involves much more than technology.  Part of the strategy of many politicians is to use multiple devises to suppress voting, and the open design and known vulnerabilities of the TCP/IP internet platform itself became a means to engage in what DARPA Director Emeritus Steve Lukasik described in a DTRA report ten years ago as Mass Effect attacks on the dynamics of the voting process.  Ironically, the French Minitel platform was much better suited for voting use as was the OSI internet.  The relevant technology is arguably part of the problem rather than the solution - as the occupier of the White House demonstrates every day.

To post comments, please login or create an account.

Related

Topics

Domain Names

Sponsored byVerisign

DNS Security

Sponsored byAfilias

New TLDs

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

Cybersecurity

Sponsored byVerisign