Dragging Our Democracy, Kicking and Screaming, into the 21st Century
As we live through one of the most historic elections in US history, I can’t help but return to a theme that has occupied me recently, namely that we are trying to keep this 250-year-old “house” up on its creaky stilts and we insist on doing so using not just rules created in a different era but also processes and tools designed back when it took a month to send a message cross-country.
If the elections have proven anything, it’s that our electoral system is showing its age. I’m not talking about controversial issues like the electoral college and gerrymandering but rather just the mechanics of voting itself. The fact that we’re still arguing, a month after the election, whether or not there was any fraud and filing lawsuits to overturn the results proves that we need a better solution. What will it take us, as a society, to finally realize that we need to modernize the way we govern ourselves?
In a world where we can instantly communicate with anyone anywhere, in a country filled with smartphones and laptops, why do we insist on doing things the old fashioned way when it comes to voting? We could use any number of modern tools at our disposal like fingerprint scanners and FaceID (tools that are a million million times more secure and precise for identification purposes than the status quo). Instead, we choose to scribble a squiggly line on a piece of paper, then hand it to an indeterminate number of people and wait helplessly as it makes its multi-day journey to be “verified” by comparing it to another squiggly line written years ago.
Why on earth, in this day and age, are we relying on pieces of paper and using a process that is error prone, full of opportunities for fraud and interference, and downright cumbersome and slow, to make our intents known to our elected officials? What will it take for us to seriously rethink some of these issues around our governing system? Voting is just one example. There are many other examples of government services that need a thorough reboot, a swift kick in the butt, into the 21st century. But let’s start with this most fundamental of rights in a democracy.
We’re willing to trust everything from our financial systems to the driving of our cars and flying of our planes to computer algorithms and online services yet no one dares suggest that we do the same with our election infrastructure. It would seem, at first glance, that the main reason for this is security or, more accurately, a lack of trust given all the scary headlines about hackers and foreign attempts at interference. However, a deeper analysis makes it clear that most of these concerns are misplaced.
Thankfully, there have been no widespread attempts at fraud but the current model, if anything, is far easier to “hack” than a cryptographically signed message protected by end-to-end encryption. What’s bizarre is that we have somehow convinced ourselves that the least secure form of identification is the best we can do for such a critical task. The reality, as we’ve seen, is that politicians prefer the current system because it makes it easy to meddle with elections, blocking access to minorities and using scare tactics such as sending in “observers” to strongarm the electorate. Online voting from the safety and privacy of your own home would, in fact, be far more secure and verifiable and would result in increased voter participation.
The best thing the current model has going for it, from a security perspective, is its naturally distributed implementation. The sheer number of states, counties, municipalities, and individuals involved in the process guarantees that the whole system can’t be undermined at a global level. But note that this strength is also a weakness when hobbled by paper ballots and manual counting procedures. Weeks after an election, we’re finding boxes of ballots that were misplaced or not delivered, “hanging chads” that confuse officials, and losing politicians arguing (with no proof) that fraud has taken place, thereby reducing public confidence in the results.
Until recently, the Achilles’ heel of any online voting system would have been its dependence on a single centralized database that can be hacked, thereby opening Pandora’s box and providing access to the crown jewels. The arrival of blockchain algorithms and the implementation of distributed ledgers have changed all that. We can finally build a secure fully distributed solution that is stored collaboratively across thousands or millions of computers and whose architecture is, by design, immune to tampering.
Today, almost 100% of the US population has a social security number. If we choose, we could implement the system using SSNs but doing so would immediately introduce privacy concerns since our SSN is already associated with information such as age, gender, race, income, country of origin, address, etc. I believe what we need to properly implement such a system is the concept of a “voter ID number” (VoterID). Imagine if the US government were to hand out to each of its citizens a unique number that proves they are a US citizen of voting age — and nothing else — unless they choose to share it. If you choose not to opt in, no problem — keep using the current voting methods.
The only thing this unique VoterID entitles me to is to vote for the US president, which I can do once every four years. Note that the government knows nothing about me — other than that I’m a unique US citizen of voting age. Every citizen gets a new VoterID when they register to vote. For existing voters, we can go through a process of dispersing VoterIDs with proper identification presented in person at a DMV or similar office.
This implementation presumes that we do away with the electoral college and implement a true democracy where every citizen’s vote counts the same as every other. If we wish to continue to implement the current electoral college, we could add our zip code to the VoterID thereby disclosing just enough information (but no PII — Personally Identifiable Information) while also enabling participation in local and state elections.
Note that the minute we do so, we have divulged information about ourselves that can, presumably, be harvested. I may choose to vote on California ballots but doing so comes at a cost in privacy. If you are a registered voter, you are already sharing much more data about yourself than you probably realize. A properly implemented VoterID system shifts control of your personal information back to you. You can choose what information you’re willing to share about yourself and, by doing so, can participate in additional government services offered online.
A US citizen with a VoterID can then use a supported device (with appropriate TPM chip and “root of trust” implementation in the operating system, end to end encryption, fingerprint scanner or FaceID, etc) to vote. 96% of Americans have smartphones and almost all smartphones built in the last five or so years have all the necessary hardware and software constructs needed to implement a secure solution. We can also use the smartphone camera to make a video recording of the actual voting process — for audit purposes.
The combination of all these measures is significantly more secure and auditable than the current squiggly line on a piece of paper and four year old driver’s license photo. It’s important to recognize that this is not an either/or choice. Anyone who doesn’t trust the new online system can keep going to the voting booth or mail in their ballot.
An initial implementation can stop here, streamlining the voting process and removing many of the uncertainties associated with the current system. The votes can still be tallied by human beings just like today. No need to stand in line for hours, be exposed to Covid, stare at hanging chads, or depend on the US Post Office for slow delivery. Such an app would almost certainly increase participation in elections thereby improving our democracy in the process.
You cannot possibly argue that the design of such a system is less secure than a piece of paper stuffed into an envelope, handled by several people at the post office and the county registrar’s office, and manually checked by a tired human being who has been staring at similar forms for days. See figure 1.
How about if, as a compromise, we just implement this in uncontested states and the “purple” states continue to use the current paper based system? We’d cover the vast majority of the potential market and prove viability without even impacting election outcomes. Somehow, I’m convinced this will be one of those “if you build it, they will come” stories. A decade from now, we’ll barely remember the good old days when we voted on paper and in-person.
The implementation will, of course, initially have flaws and security issues but this should not deter us from attempting the endeavor. Sir Tim Berners-Lee, the inventor of the World Wide Web, has been doing some interesting work on digital identities that can be a starting point for this work. We can do this. We have the technology. It’s silly to insist on using tools and processes designed two centuries ago. Our politicians are not likely to want to change the current broken system as it suits their purposes just fine.
If and when we’re ready for the next logical step, we can use a blockchain based distributed ledger to implement the backend system needed to tally and report on the results automatically. This architecture ensures that the data is not kept in a single place that can be hacked but rather distributed around the web for better security while also providing an audit trail.
There are two main fallacies in all the arguments I’ve heard against such an online voting system: (1) the presumption that it’s an all or nothing approach, that we have to flip the switch overnight and dismantle the existing system and infrastructure. Nothing could be further from the truth; the two systems can coexist as long as we wish. The current approach of defaulting to the least common denominator solution for all voters is broken. Instead, we can implement the best possible solution for the vast majority while allowing the remaining voters to continue to use the existing system. (2) the concern that the new system will have flaws that can be utilized to undermine the voting process. “If you can’t solve every conceivable problem right out of the shoot, we shouldn’t even try,” they seem to be saying: the current system is fine and we should just stick to it.
Any system will have flaws. The right answer is to understand the value it delivers (many orders of magnitude more efficient, accurate, and secure than today) and consistently improve the implementation over time. We can even iterate on the new system through local and state level elections to harden it and we can always fall back on the current system if and when needed.
Once you get past these two main issues, other concerns are raised around privacy and voter fraud — problems that exist today as well. Tell me you believe we’ll be using the same paper based system a hundred years from now and I’ll say fine, we can stop trying. Anything other than that outcome means we’ll need an online solution. The sooner we start, the sooner we’ll get there.
It’s time for us to disrupt the way we govern ourselves. It’s time to bring our government, kicking and screaming, into the 21st century. Voting is the most fundamental right bestowed upon citizens in a democracy, so we should start there.
“Computers can easily be hacked. It’s not safe.” Compared to what? The system we use today? It’s a billion times safer and more secure. Besides, I’m not proposing we switch overnight and destroy the current system, rather that we augment it with an online solution. If an online solution can address a subset of the voting needs, the current system can continue as before until we work out all the bugs, address security concerns, publish tools to open source to show that our algorithms are safe, etc. It will take years to convince people to move over to such an online model; meanwhile, anyone who is not comfortable can continue to use the current model.
As people become more comfortable with using the online system, less and less resources will be used on the old model simultaneously increasing our efficiency and accuracy. We could offer anonymized statistics about results instantaneously instead of using pollsters and waiting days or weeks for results. We can provide information to voters about the topics and people they’re voting on. Compare that to the model today where most voters see the names of the candidates for city council for the first time on the paper ballot when they enter the voting booth.
“But old people, but farmers, but the poor, but …” Guess what. The vast majority of them already carry such a device in their pockets — and if they don’t? No problem. Just keep doing what you’re doing today. It’s not either/or. The two systems can coexist for as long as necessary or convenient. Step 1, as described here, would consist of nothing more than an app that virtualizes the voting process — using the same tools that you use today to do pretty much everything else it is that we humans do.
“But I don’t want some AI involved for face recognition. I’m worried about my identity being stolen.” Your phone already has all this information about you! All I’m proposing is an app that uses the same technology you use to bank or order stuff on Amazon — technology that has been through years of testing and hardening. Most importantly, your personal information never leaves the phone.
“What about Russia?” We have that problem today. Nothing changes. Besides, as we’ve seen, social media and fake news are a much easier attack vector than a direct assault on the voting apparatus. Russia, Iran, and China don’t need to hack our voting systems to influence our elections. There are much easier ways to do so, thanks to Facebook and Twitter — neither of which require reverse engineering SHA-256 encryption algorithms.
“But we need the paper trail in case there’s a question about election integrity and we have to go back and recount.” We only needed the pieces of paper because humans, historically, haven’t been good at counting so questions would come up that require access to the literal proof of a given vote. They are a historical necessity, not an enabling technology.
When is the last time you insisted on touching the actual pieces of paper (dollar bills) that represent your net worth — as opposed to just trusting a computer to keep track of it for you?
Why would you insist on using an outdated paper based system when I can give you digital certificates, two factor authentication, end to end encryption, and a video of the voter in action?
“But the fact that states and municipalities implement the voting system is a plus. It means there is no single point of failure where an outside entity can influence a large chunk of the votes.” Understood — and agreed. It’s a distributed system. So is the one we’d implement.
Election observers can verify that each vote comes from a unique device, that the device has used biometrics to verify the identity of the voter and match it to a unique VoterID, that a single human doesn’t vote twice on multiple devices, that the data hasn’t been tampered with thanks to end-to-end encryption, etc. (each ID can be used only once and must match a unique fingerprint/FaceID/Iris scan. This data never leaves the device).
“What if someone hacks into your database of votes?” There is no central database. The voting system is implemented as a distributed blockchain.
“The current system is good enough. We only need it for a few days once every two or four years. It’s not worth fixing.” This is the wrong way to think about it. A system, as described above, can be used to create a vital and efficient link between a government and its citizens. A large percentage of the population doesn’t bother to vote (or gives up after waiting hours in line). Streamlining the process means more people will participate in our democracy.
Imagine having such a system in place that is used by 99% of the populace. Now you have a direct connection to your citizens. You don’t need to wait four years to ask them a question. A vote on a referendum can happen at any time instead of having to wait for the next election cycle.