| From | Zoë Kooyman, FSF <[email protected]> |
| Subject | Don't let proprietary digital voting disrupt democracy |
| Date | July 16, 2020 12:17 AM |
Links have been removed from this email. Learn more in the FAQ.
Links have been removed from this email. Learn more in the FAQ.
*Read and share online: <[link removed]>*
*This email is sent to all Free Software Supporters in the Unites
States and without a registered country. Electronic voting is a global
threat, but this email focuses more deeply on the issue in the US. If
you're not in the US, [let us know your country][0] by updating your
profile so we can send you important emails about local free software
issues.*
[0]: [link removed]
Dear Free Software Supporter,
Here at the Free Software Foundation (FSF), we fight for the freedom
of all software users. We believe that everyone has the right to
[understand and study][1] the systems that they use, and that not
being able to exercise this right is a violation of our freedom. This
applies to our personal software usage, but becomes even more
important in processes of democracy. It is particularly relevant for
the upcoming November 2020 elections in the United States.
[1]: [link removed]
A free country has the responsibility to make sure all of its
citizens can be heard, and that voting processes are transparent
and fair. So what happens if people are still self-isolating in
November, in order to try and prevent a [second wave of the novel
coronavirus][2]? As more of our life processes have gone online
due to the pandemic, we have seen [debates][3] rise over a call
for mail-in voting. This discussion seems to be clearing a path
for a [renewed interest][4] in online voting software as a remote
alternative to in-person voting. This is cause for grave concern.
[2]: [link removed]
[3]: [link removed]
[4]: [link removed]
I am arguing in this post that it is essential that software used in
any part of the voting process be published free software. It is
unacceptable for such an important democratic system to be placed in
the hands of any for-profit, proprietary software corporation that
controls the source code, data management, reporting, updates, and
testing. No good can come from requiring a court order to be permitted
to study the source code of voting software in order to confirm the
process is fair and democratic. But additionally, I might surprise the
reader by laying out arguments to say that despite supporting the wish
to increase access and ease for all eligible voters, the only truly
free, ethical, and democratic voting system is actually a system that
steers clear from using software.
Technology can assist in the non-fundamental parts of the voting
process, like speeding up simple on-site calculations or verification
processes, in which case transparency is absolutely vital, and the
systems used must therefore be free software. Source code should be
provided freely for anyone to test the application, submit
modifications that can be adopted to improve the software, and make
recommendations, long before it has any opportunity to muddle with
results. But digital systems have no place in the key parts of the
voting system, including voter registration, casting a vote, and
tallying results. The experts agree on this, and I will explain why in
more detail below. Even when the source code is available, although we
can compel transparency and reproducibility, we still [risk
unacceptable vulnerabilities][5].
[5]: [link removed]
The examples below demonstrate some of the pitfalls of using
proprietary software in the voting process, and why the peddlers
of proprietary software cannot be trusted with crucial democratic
processes.
### Tallying and the Iowa caucus fiasco
In February 2020, during the kickoff of the primary elections to
determine the US presidential candidates, the [Iowa caucus][6]
introduced a [newly developed app][7] designed to help tally votes and
make the results faster and more accurate. It did the opposite.
[6]: [link removed]
[7]: [link removed]
The Iowa caucus failed due to [shoddy design and lack of testing][8]
of the app built by [Shadow Inc.][9], a for-profit technology company
that provides "smarter" technological infrastructure for Democratic
party campaigns. The flaws didn't surface until the primaries, because
of its proprietary nature. While the caucus results trickled in over
the days following the primary, debates arose about the accuracy of
its outcome, and voters started [questioning][10] the role that
technology should play in our elections. This fallout successfully
prompted other states to act with caution, and mostly scrap the plans
to use the same app.
[8]: [link removed]
[9]: [link removed]
[10]: [link removed]
### Online voting applications
Even before the virus broke out, jurisdictions like Delaware, Georgia,
and Philadelphia had already committed to replacing existing systems
with digital voting machines, despite their [unacceptable risks of
interference][11].
[11]: [link removed]
Voatz, Inc. the for-profit company behind the private mobile [voting
app][12] by the same name, developed a pilot program in 2019, claiming
they delivered "secure" digital voting. The trial for the proprietary
app focused on people with disabilities and people residing
overseas. Colorado, Oregon, Utah, Washington, and West Virginia signed
up, but studies found that the app posed [security risks][13] like
leaving votes visible and exposing them to tamperers. Researchers from
the Massachusetts Institute of Technology (MIT) [reviewed the app][14]
and found an alarming number of [vulnerabilities and privacy
issues][15].
[12]: [link removed]
[13]: [link removed]
[14]: [link removed]
[15]: [link removed]
Now, in recent primaries, [some states][16] have implemented online
voting using a system called OmniBallot, claiming that it offers safe
remote voting during the virus. Democracy Live, the organization
behind the system used in Delaware, West Virginia, and New Jersey
states that the system is not *really* online voting, because a printed
ballot is still generated when the voter's ballot is downloaded by the
voting committee. But that doesn't account for the fact that the votes
are still cast [electronically and transmitted online][17], which
means they are [still vulnerable to tampering][18]. In fact, OmniBallot
was also reviewed by MIT, and again, the [conclusion][19] was that the
system is unsafe. It proved vulnerable to manipulation, and
additionally has no privacy policy to deal with the voter's sensitive
information.
[16]: [link removed]
[17]: [link removed]
[18]: [link removed]
[19]: [link removed]
### Vulnerabilities explained
As much as different states want to spend millions of taxpayer
dollars to implement online voting systems to some degree or
another, there simply is no safe way to do so. [*The Observer*
explains][20] that an online system has to take into account too
many factors, from verifying identification to creating a secret
ballot, to voting and getting that vote to the committee, and
then verifying it again on the other end. To make it all secure
is nearly impossible.
[20]: [link removed]
Security experts have long been expressing concern as well. After the
2016 US presidential elections, the National Academy of Sciences (NAS)
conducted elaborate research into the future of voting, and published
a report called ["Securing the Vote: Protecting American
Democracy."][21] The preface of this 157-page document states: "We
were constantly reminded in news stories, by congressional hearings,
and through reports from the intelligence community, of the
extraordinary threat from foreign actors using cyber weapons and
social media to manipulate the electorate, and to target our elections
and cast doubt on the integrity of the elections process."
[21]: [link removed]
The report mentions that in 2016, the United States presidential
election was targeted by a foreign government, and voter information
was captured. While the exact consequences of this invasion are still
largely unclear, the fear of surveillance by outside parties and the
meddling with results is obviously justified. The NAS concludes that
the current system is vulnerable to internal and external threats, and
recommends [verifiable paper ballots][22], audits, and clear
distinctions between different elements of the process.
[22]: [link removed]
### Paper ballots and analog processes for democracy
Having full transparency and control is the only way in which we can
verify the legitimacy of elections. Transparency is currently best
accomplished by individual paper balloting. We will get the closest to
fair results by working with an analog system.
If we need to do remote voting, [contrary to some claims][23], mail-in
voting is a reliable fallback. [A study by Stanford University][24]
concludes that: "(1) vote-by-mail does not appear to affect either
party’s share of turnout; (2) vote-by-mail does not appear to increase
either party’s vote share; and (3) vote-by-mail modestly increases
overall average turnout rates, in line with previous estimates. All
three conclusions support the conventional wisdom of election
administration experts, and contradict many popular claims in the
media."
[23]: [link removed]
[24]: [link removed]
***
## Here's what you can do to stand up for your voting rights
#### Contact your representative
If you are in the US, please contact your [local representative][25] to
let them know you oppose electronic voting, and in particular
proprietary electronic voting. You can copy or personalize our
sample text:
[25]: [link removed]
> "Dear [Representive],
> I am [Name], and I live in your district.
> I am very concerned about the security and integrity of our
> voting systems, and do not think any computer-based system is
> safe, especially not any proprietary system. I agree with the
> Free Software Foundation article about the dangers of digital
> proprietary voting at <[link removed]>, and request the use
> of only paper ballots in upcoming elections. Please oppose any
> move to digital voting systems, and advocate for our right to
> vote analog safely. Thank you."
> [Name], [City/State]
#### Tell your friends about the threat of digital voting on social media!
Use the tags \#NoDigitalVoting and \#UserFreedom on your favorite
[microblogging][26] sites.
[26]: [link removed]
From voter registration to tallying, all steps in the voting
process could hypothetically be done digitally. But voting is a
highly personal, sensitive, and complicated system, one that
involves some of the most powerful stakeholders imaginable, and
where freedom is at stake. Free software shows us the system and
allows us to improve it. It does not, however, guarantee the
entire process to be unbreakable. Let's steer clear from digital
systems for now, for freedom.
Zoë Kooyman
Program Manager
--
* Follow us on Mastodon at <[link removed]>, GNU social at
<[link removed]>, Diaspora at <[link removed]>,
and on Twitter at <[link removed]>.
* Read about why we use Twitter, but only with caveats at <[link removed]>.
* Subscribe to our RSS feeds at <[link removed]>.
* Join us as an associate member at <[link removed]>.
* Read our Privacy Policy at <[link removed]>.
Sent from the Free Software Foundation,
51 Franklin St, Fifth Floor
Boston, Massachusetts 02110-1335
United States
You can unsubscribe from this mailing list by visiting
[link removed].
To stop all email from the Free Software Foundation, including Defective by Design,
and the Free Software Supporter newsletter, visit
[link removed].
*This email is sent to all Free Software Supporters in the Unites
States and without a registered country. Electronic voting is a global
threat, but this email focuses more deeply on the issue in the US. If
you're not in the US, [let us know your country][0] by updating your
profile so we can send you important emails about local free software
issues.*
[0]: [link removed]
Dear Free Software Supporter,
Here at the Free Software Foundation (FSF), we fight for the freedom
of all software users. We believe that everyone has the right to
[understand and study][1] the systems that they use, and that not
being able to exercise this right is a violation of our freedom. This
applies to our personal software usage, but becomes even more
important in processes of democracy. It is particularly relevant for
the upcoming November 2020 elections in the United States.
[1]: [link removed]
A free country has the responsibility to make sure all of its
citizens can be heard, and that voting processes are transparent
and fair. So what happens if people are still self-isolating in
November, in order to try and prevent a [second wave of the novel
coronavirus][2]? As more of our life processes have gone online
due to the pandemic, we have seen [debates][3] rise over a call
for mail-in voting. This discussion seems to be clearing a path
for a [renewed interest][4] in online voting software as a remote
alternative to in-person voting. This is cause for grave concern.
[2]: [link removed]
[3]: [link removed]
[4]: [link removed]
I am arguing in this post that it is essential that software used in
any part of the voting process be published free software. It is
unacceptable for such an important democratic system to be placed in
the hands of any for-profit, proprietary software corporation that
controls the source code, data management, reporting, updates, and
testing. No good can come from requiring a court order to be permitted
to study the source code of voting software in order to confirm the
process is fair and democratic. But additionally, I might surprise the
reader by laying out arguments to say that despite supporting the wish
to increase access and ease for all eligible voters, the only truly
free, ethical, and democratic voting system is actually a system that
steers clear from using software.
Technology can assist in the non-fundamental parts of the voting
process, like speeding up simple on-site calculations or verification
processes, in which case transparency is absolutely vital, and the
systems used must therefore be free software. Source code should be
provided freely for anyone to test the application, submit
modifications that can be adopted to improve the software, and make
recommendations, long before it has any opportunity to muddle with
results. But digital systems have no place in the key parts of the
voting system, including voter registration, casting a vote, and
tallying results. The experts agree on this, and I will explain why in
more detail below. Even when the source code is available, although we
can compel transparency and reproducibility, we still [risk
unacceptable vulnerabilities][5].
[5]: [link removed]
The examples below demonstrate some of the pitfalls of using
proprietary software in the voting process, and why the peddlers
of proprietary software cannot be trusted with crucial democratic
processes.
### Tallying and the Iowa caucus fiasco
In February 2020, during the kickoff of the primary elections to
determine the US presidential candidates, the [Iowa caucus][6]
introduced a [newly developed app][7] designed to help tally votes and
make the results faster and more accurate. It did the opposite.
[6]: [link removed]
[7]: [link removed]
The Iowa caucus failed due to [shoddy design and lack of testing][8]
of the app built by [Shadow Inc.][9], a for-profit technology company
that provides "smarter" technological infrastructure for Democratic
party campaigns. The flaws didn't surface until the primaries, because
of its proprietary nature. While the caucus results trickled in over
the days following the primary, debates arose about the accuracy of
its outcome, and voters started [questioning][10] the role that
technology should play in our elections. This fallout successfully
prompted other states to act with caution, and mostly scrap the plans
to use the same app.
[8]: [link removed]
[9]: [link removed]
[10]: [link removed]
### Online voting applications
Even before the virus broke out, jurisdictions like Delaware, Georgia,
and Philadelphia had already committed to replacing existing systems
with digital voting machines, despite their [unacceptable risks of
interference][11].
[11]: [link removed]
Voatz, Inc. the for-profit company behind the private mobile [voting
app][12] by the same name, developed a pilot program in 2019, claiming
they delivered "secure" digital voting. The trial for the proprietary
app focused on people with disabilities and people residing
overseas. Colorado, Oregon, Utah, Washington, and West Virginia signed
up, but studies found that the app posed [security risks][13] like
leaving votes visible and exposing them to tamperers. Researchers from
the Massachusetts Institute of Technology (MIT) [reviewed the app][14]
and found an alarming number of [vulnerabilities and privacy
issues][15].
[12]: [link removed]
[13]: [link removed]
[14]: [link removed]
[15]: [link removed]
Now, in recent primaries, [some states][16] have implemented online
voting using a system called OmniBallot, claiming that it offers safe
remote voting during the virus. Democracy Live, the organization
behind the system used in Delaware, West Virginia, and New Jersey
states that the system is not *really* online voting, because a printed
ballot is still generated when the voter's ballot is downloaded by the
voting committee. But that doesn't account for the fact that the votes
are still cast [electronically and transmitted online][17], which
means they are [still vulnerable to tampering][18]. In fact, OmniBallot
was also reviewed by MIT, and again, the [conclusion][19] was that the
system is unsafe. It proved vulnerable to manipulation, and
additionally has no privacy policy to deal with the voter's sensitive
information.
[16]: [link removed]
[17]: [link removed]
[18]: [link removed]
[19]: [link removed]
### Vulnerabilities explained
As much as different states want to spend millions of taxpayer
dollars to implement online voting systems to some degree or
another, there simply is no safe way to do so. [*The Observer*
explains][20] that an online system has to take into account too
many factors, from verifying identification to creating a secret
ballot, to voting and getting that vote to the committee, and
then verifying it again on the other end. To make it all secure
is nearly impossible.
[20]: [link removed]
Security experts have long been expressing concern as well. After the
2016 US presidential elections, the National Academy of Sciences (NAS)
conducted elaborate research into the future of voting, and published
a report called ["Securing the Vote: Protecting American
Democracy."][21] The preface of this 157-page document states: "We
were constantly reminded in news stories, by congressional hearings,
and through reports from the intelligence community, of the
extraordinary threat from foreign actors using cyber weapons and
social media to manipulate the electorate, and to target our elections
and cast doubt on the integrity of the elections process."
[21]: [link removed]
The report mentions that in 2016, the United States presidential
election was targeted by a foreign government, and voter information
was captured. While the exact consequences of this invasion are still
largely unclear, the fear of surveillance by outside parties and the
meddling with results is obviously justified. The NAS concludes that
the current system is vulnerable to internal and external threats, and
recommends [verifiable paper ballots][22], audits, and clear
distinctions between different elements of the process.
[22]: [link removed]
### Paper ballots and analog processes for democracy
Having full transparency and control is the only way in which we can
verify the legitimacy of elections. Transparency is currently best
accomplished by individual paper balloting. We will get the closest to
fair results by working with an analog system.
If we need to do remote voting, [contrary to some claims][23], mail-in
voting is a reliable fallback. [A study by Stanford University][24]
concludes that: "(1) vote-by-mail does not appear to affect either
party’s share of turnout; (2) vote-by-mail does not appear to increase
either party’s vote share; and (3) vote-by-mail modestly increases
overall average turnout rates, in line with previous estimates. All
three conclusions support the conventional wisdom of election
administration experts, and contradict many popular claims in the
media."
[23]: [link removed]
[24]: [link removed]
***
## Here's what you can do to stand up for your voting rights
#### Contact your representative
If you are in the US, please contact your [local representative][25] to
let them know you oppose electronic voting, and in particular
proprietary electronic voting. You can copy or personalize our
sample text:
[25]: [link removed]
> "Dear [Representive],
> I am [Name], and I live in your district.
> I am very concerned about the security and integrity of our
> voting systems, and do not think any computer-based system is
> safe, especially not any proprietary system. I agree with the
> Free Software Foundation article about the dangers of digital
> proprietary voting at <[link removed]>, and request the use
> of only paper ballots in upcoming elections. Please oppose any
> move to digital voting systems, and advocate for our right to
> vote analog safely. Thank you."
> [Name], [City/State]
#### Tell your friends about the threat of digital voting on social media!
Use the tags \#NoDigitalVoting and \#UserFreedom on your favorite
[microblogging][26] sites.
[26]: [link removed]
From voter registration to tallying, all steps in the voting
process could hypothetically be done digitally. But voting is a
highly personal, sensitive, and complicated system, one that
involves some of the most powerful stakeholders imaginable, and
where freedom is at stake. Free software shows us the system and
allows us to improve it. It does not, however, guarantee the
entire process to be unbreakable. Let's steer clear from digital
systems for now, for freedom.
Zoë Kooyman
Program Manager
--
* Follow us on Mastodon at <[link removed]>, GNU social at
<[link removed]>, Diaspora at <[link removed]>,
and on Twitter at <[link removed]>.
* Read about why we use Twitter, but only with caveats at <[link removed]>.
* Subscribe to our RSS feeds at <[link removed]>.
* Join us as an associate member at <[link removed]>.
* Read our Privacy Policy at <[link removed]>.
Sent from the Free Software Foundation,
51 Franklin St, Fifth Floor
Boston, Massachusetts 02110-1335
United States
You can unsubscribe from this mailing list by visiting
[link removed].
To stop all email from the Free Software Foundation, including Defective by Design,
and the Free Software Supporter newsletter, visit
[link removed].
Message Analysis
- Sender: Free Software Foundation
- Political Party: n/a
- Country: United States
- State/Locality: n/a
- Office: n/a
-
Email Providers:
- CiviCRM