How Can We Not Try?
Last week, I spoke about mobile voting at the University of Iowa.
The audience was mainly students, who universally seemed enthusiastic about being able to vote on their phones. However, Douglas Jones, a computer science professor, also attended and repeatedly expressed his vocal opposition to mobile voting. He then wrote an op-ed for the Daily Iowan making his case.
Jones’ main argument is that mobile voting is simply too risky and that a working group of academics at Berkeley concluded that the technology to make mobile voting secure doesn’t exist at this time. They were right – the technology didn’t exist when they met. Then we built it.
Mobile Voting, through my organization Tusk Philanthropies, has spent the last three years – and $10 million of my money – to build end-to-end verifiable air gapped mobile voting technology with a ballot checking mechanism that is easy for people to use – a technology owned by a non-profit and one that will be given away for free to anyone who wants to use it.
Simply based on the experts we assembled, the amount we spent, the time we all spent and the product we built, it is the most secure voting technology ever created by orders of magnitude. Jones’ information is outdated and outmoded.
If we hadn’t built a system with end-to-end verification and end-to end-encryption, Jones would be right. But we did. End to end verification gives each voter the ability to independently verify their ballot is recorded, cast, and counted correctly, ensuring no attack can go undetected. It protects votes at every stage of the process while giving voters evidence that their ballots are properly cast and counted. All activity is publicly viewable and auditable in real time through a public bulletin board, giving the public a direct view into the election system and enabling them to independently verify everything is correct.
Building an end-to-end verifiable system in and of itself isn’t that unique. Other online voting systems have been built using end-to-end verifiable encryption. The hard part was making the system usable so that voters actually verify that the encryption is working and their ballots were recorded and cast correctly. That's the main problem with other end-to-end verifiable systems. They make the verification steps so complicated for voters that ultimately, voters don't use them.
Our tech is different in that we simplified the process to make it as easy as possible. Like other systems, our tech presents voters with the option to check their ballot once it is encrypted and ready to be cast, our tech uses a simple, seven-digit alphanumeric code voters can use to easily perform the verification. And we know it works, because in test elections with over 400 voters, 55% performed the check with no issues. Survey feedback also found a majority of users thought the check was easy to do and would use it in the future. Notably, Microsoft senior cryptographer Josh Benaloh, who initially created the check in his work on end-to-end verifiable voting systems, suggests that only a tiny fraction of voters need to perform the check to spot any sort of attack. With more than half of voters performing the check in our system, we have far exceeded the standards Benaloh, Jones, and others have set to achieve secure, end-to-end verifiable voting.
The third key way our tech is different is our use of air gapping. Our tech uses end-to-end encryption, meaning ballots are encrypted from your device to the election office. Eventually, they need to be decrypted for printing and tabulation, just like other ballots in the election. If ballots are decrypted in an online setting, the decrypted votes would be vulnerable to attack and we would no longer have a way to detect it. We solved the problem by taking it offline, using a security countermeasure called air-gapping. As its name indicates, an air gap is accomplished by detaching a system from any type of external network, preventing remote access by anyone who may harm it intentionally or unintentionally. Air gaps serve two key security purposes: they defend against intrusion into a network or system, but they also protect digital assets from being destroyed, accessed, or tampered with.
These three measures – end to end verification, a user-friendly ballot check, and air gapping – are why the technology we built has performed successfully in test after test after test, and is the most secure technology ever developed for mobile voting.
Jones seems to imagine I have the power to snap my fingers and declare that every election will suddenly be held via mobile voting and only mobile voting. I’ve spent a lifetime working in and around government and politics — I know firsthand that’s not how the process works. And I envision mobile voting as part of a menu of voting options, from in-person to mail-in ballots.
The first thing we need to do is subject the system we built to as many challenges as possible. That’s why we’re going to make the code freely available – so anyone can review it, build upon it or try to disprove it. Whenever flaws are identified, we’ll fix them. The point is to keep making the system better and better.
The next thing we need to do is try out the new technology in concert with all of the current forms of voting and do so slowly and incrementally. That means trying it in state and local elections before federal elections. It probably means using it in primaries before general elections. And it means using the tech for certain voters who can't use other voting options, like military voters and voters with disabilities. It likely will mean blue states before red states because Trump’s views on the 2020 election has made any sort of voting reform a nonstarter with the MAGA crowd.
If the technology is working, we can keep expanding the number of people who can use it. If it’s not working, we should discontinue it. But what we can’t do is what Jones suggests, which is throw up our hands and just let our democracy fail because we’re too afraid to try anything new or different.
We live in a democracy now that typically either produces totally dysfunctional, polarized governments like we see in Congress where a major accomplishment these days is a vote that keeps the government funded for another two weeks. Or we see completely one sided state and local governments whether the City of San Francisco on the left or the State of Texas on the right.
Given that elected officials base virtually every decision solely on re-election, everything they do reflects who votes in their primaries and little else (because of gerrymandering, general elections rarely matter). When it’s difficult to vote, and when primary turnout is around 10%, which is what we typically have today, it only leads to polarization and dysfunction. When more people participate because they can now do it from the little computer sitting in their pockets at all times, then the underlying incentives shift, politicians move to the center to accommodate their new voters, and that creates the opportunity for things to actually get done.
I love this country. My family came here as refugees and it has given us a wonderful life. I’m not willing to just throw in the towel. I’m not willing to accept a world filled with corruption, extremism, dysfunction and polarization. I’m not willing to fall victim to fear of change, fear of innovation, fear of progress.
That’s why I’ve donated so much of my own money to move mobile voting forward. It’s why I will try to build a movement of those college kids in that audience who want a better future, want solutions on climate change, on education, on health care, on guns, on immigration and want to be able to participate in elections easily and frequently. It’s why we all should be asking ourselves how we can change the underlying political inputs that govern the decisions of every politician so that they reflect the will and interests of the people as a whole and not just a handful of extreme ideologues and special interests.
Our democracy is on the brink of destruction. That’s true. But it’s also on the brink of salvation. We just have to have the courage to try.
I loved this!