Once more: online or e-voting? No. Just no

OK, let’s summarize this again.

Once more: online or e-voting? No. Just no /img/what-part-of-no-e-voting-dont-you-understand.jpg

Whenever the results of a vote would not have substantial impacts on the people who did not, or could not vote, eligible voters are welcome to use whatever suits their fancy: e-voting, tossing dices, goat entrails… We won’t notice, so no problem. In all cases of really important voting instead, that is (at least) all political or administrative elections: here is why online/e-voting is something that you should just avoid, period.

First, some definitions and reminders:

  • online voting: (or internet voting, or i-voting) voting from wherever you want, with your own hardware
  • e-voting: voting, and above all processing the votes, inside an official polling station, but entirely with electronic, officially validated machines
  • vote MUST be freely expressed, 1000% anonymous and secret

Online/e-voting is dumb because:

Voting must NOT be banalized

Making voting as quick and easy as a Facebook “like” will only convince more people that voting doesn’t matter, not the contrary. And even in the opposite case, it would just provide more totally uninformed votes, and be wrong in principle anyway. Voting must be “hard”. Standing in line makes sure that only committed voters vote. People who can vote but won’t because it’s boring, or takes a few hours every few years have bigger problems, that can’t be solved by voting systems.

ANY “remote” voting is stupid

Especially if it is digital, through the Internet, with one’s own device. First, it’s voting by people who by and large still use “1234” as password or never update software, with endless combinations and configurations of software and hardware. It’s simply impossible to guarantee that those who would surely vote with cracked devices would never be enough to have serious consequences. And if you think “we already do payments this way, why not voting?”, you’re missing something big, see “frauds” below. Ditto for “blockchain!!!!”. Because technical risks are nothing here.

The real, unavoidable problem is that voting can be “freely expressed, 1000% anonymous and secret” only if it happens in a dedicated, safe place. Voting online, with whatever equipment, makes it both easier and less detectable, on a much larger scale than other systems, to be forced to vote as someone else tells you, in their presence. Even stuff like the Estonian i-voting can do nothing to really prevent this: since you must have your card or SIM to vote, the criminals would just make you vote in their presence, then hold that card or SIM until the vote is over.

“Speed” does NOT matter. Not for healthy adults, that is

In a normal country, real elections happen every few years. At that rate, there is absolutely no mature need to “know the results in real time”. It makes no real difference. Just accept it. Adults who can’t wait a few hours, or even days, to have certain, absolutely reliable results just need relax or, in extreme cases, therapists. Not e-voting.

Money matters less than reliability and democracy. MUCH less

Please take all the money spent in your last general election without e-voting and divide it by the whole State expenses between that, and the previous election. Your country would have probably saved more money if everybody had just switched all lights off every time they left their home. Any savings caused by e-voting are irrelevant, if compared to all the drawbacks explained here.

Voting is not payments

Unlike online payments, voting MUST be secret and anonymous. Online payments are relatively secure only because, if they go wrong, someone surely notices it, often immediately, and starts screaming for refunds, or corrections. With online voting, or electronic vote counting, it would be almost impossible, in comparison, to detect and fix frauds.

Frauds? WHICH frauds?

When all vote counting is manual, one needs to corrupt many people, in many different booths, to make a real difference in the outcome (gerrymandering does NOT matter here, as it is a serious problem to fix regardless of the voting system). When vote registration and counting are totally delegated to machines, instead, it only takes one attack to their software to make that difference.

In this context, it is also crucial to realize that “attacks” may be quite different from what you imagine. In real elections, the software of e-voting machines would not be attacked to attribute all votes to one candidate. It would be cracked to switch just one every N votes, randomly, in many places at once: small enough to go unnoticed without manual recounts, big enough to assign a plausible victory. Open Source? Nah…

“Open Source” is IRRELEVANT in voting

During any real election, it would make no meaningful difference at all if all the hardware and software used for vote registration and counting were 100% Free and Open Source. 99.9% of voters would not have the skills to verify the process, and the remaining 0.1% could not do it either! Unless they blocked everybody else in line for 30 minutes, to compare (how?) the source code in the machine against the copy they downloaded themselves. Or tear apart the same machine, to check that it was not modified in any way. While convincing the others in line that it’s not those actions that will introduce frauds or errors. Get real.

online/e-voting is DEEPLY ANTI-democratic

When (at least) all vote counting and checking is manual, everybody who can handle the “3Rs” can do it and spot frauds. Online or e-voting mean that, even if it were possible, only citizens with very high technical skills are good enough to supervise the exercise of democracy. That is not democracy (or security, for that matter).

Other issues, and alternatives

E-voting is also proposed as the only way to vote on many topics together, avoid invalid votes, and make disabled citizens vote. The responsible solution to the first problem is to separate the less important votes (e-g, tens of city-level, single-issue referendums) from the really important ones (country parliament or president, and then proceed as in the first paragraph of this post.

In Italy, blind users are allowed to enter the booth with a person they trust, who will vote on their behalf. That’s much better than jeopardizing whole elections with e-voting. In any case, both for that and for invalid votes, I’ve come to some conclusions, that I will present in another post soon. In the meantime, your opinions are welcome. Before writing, however, please do check my other posts on the same topic, which elaborate on everything written here.