Voting Online: Why It Hasn’t Happened
As vote-by-mail discussions have taken frontstage in the 2020 election cycle in the US, many people are questioning why we can do almost everything online today except vote. Moreover, there’s no serious discussion of implementing online voting in the United States at any level. Other than a few one-off circumstances (such as Super Storm Sandy), online voting has never been used in the US. Why is that?
To answer that, we need to look at the four things we demand of votes in the US:
1) Each voter gets exactly one vote
2) Each voter must be free to cast their vote any way they choose
3) It must be impossible to tie a particular vote back to an individual
4) Voters need to trust the results
Let’s go over them.
1) seems easy enough — you have an account everywhere else, why not one with your voting precinct? Voter roles are a known quantity, and we could simply mail everyone on them a card with their username and password, or have them come in an pick them up at City Hall in the same way they might get a mail-in ballot, right? Alternatively, we can have users set up accounts when they transfer their voting registration into the precinct. That way, we have an exact record of every voter, who can sign in, and then vote exactly once.
2) also seems easy. Give the voter all the choices they would have on the ballot and add a little box at the bottom to allow them to enter their write-in candidate if they need to.
3) Might seem strange at first, but surely, we can simply save the vote itself without saving who made it to the database? Just check off that they voted and move on.
4) Is difficult.
OK, so let’s suppose we have a simple website that users just log into, choose their results, they get marked as having voted, their vote gets added to an anonymous pile, and they move on with their day. Online voting is easier than we thought!
Well, we actually have a few issues here. First off, there’s no way for a voter to know if their vote was recorded correctly. With a paper ballot, a vote can at least see that they entered the vote they intended (Butterfly ballots notwithstanding.) With an online vote, it’s impossible for the user to know what got written to the database, and if it aligned with their intention.
With a paper ballot, it can be placed in a box, and only opened when all sides in the election have a representative present. If there is a question as to the voter’s intent, then each side has an opportunity to defend that particular vote, and to raise objections if votes are miscounted against their interests. That capability doesn’t exist with Electronic or Online voting. The machine decides in the moment a voter casts their vote how to categorize that vote, and if it is wrong, the party who lost a vote has no knowledge that it happened, let alone the ability to do anything about it. If an election has an unexpected result, or a recount is required, all anyone can do is check the totals in the voting machine. As long as the total number of votes counted equals the number of votes cast, there would be no way to say if the numbers were right or not.
We could, of course, resolve that conundrum by simply making sure we were able to track every voter’s ballot back to them, so we can verify that each voter agrees that they voted the way it was recorded. This destroys the third requirement, but why is that demand there anyways? It turns out once you can verify that somebody voted one way or another, a thousand side channels of voter coercion open up, from the political (imagine if there was a tax benefit to voting for the winning party), to the criminal (threatening people who don’t vote a certain way.)
Is it possible, mathematically speaking, to both protect someone’s vote, their anonymity, and the integrity of the voting system itself? Yes, technically there are. But no proposal I’ve seen doesn’t require considerable technical expertise on the part of the voter. At the end of the process, we all feed our votes into an electronic black box, and it gives use back a number telling us who won. If we trust the computer, we believe its result. If the losing party questions the integrity of the election, though, there may never be a way to authenticate the result, even in principle.
Someday some very clever person may come up with a way around these issues, or the population might gain enough expertise in the relevant branches of mathematics to operate a system the is verifiable, but until that happens don’t expect to be casting you votes on Facebook anytime soon.