Internet Voting in Puerto Rico

Puerto Rico is considered allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill.

Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet. That means that votes could be manipulated or deleted on the voter's computer without the voter's knowledge, local elections officials cannot verify that the voter's ballot reflects the voter's intent, and the voter's selections could be traceable back to the individual voter. Such a system could violate protections guaranteeing a secret ballot, as outlined in Section 2, Article II of the Puerto Rico Constitution.

The ACLU agrees.

Posted on March 24, 2020 at 6:01 AM • 17 Comments

Comments

Andrew MacCormackMarch 24, 2020 6:35 AM

If we're still in lockdown in November, then the whole USA might have to consider this, though. Nobody thinks it is ideal!

Miguel FarahMarch 24, 2020 7:01 AM

In my country, electronic elections have been proposed for quite some time now, and (for now) the pressure to adopt them has been lessened by the disastrous results they had in a couple internal elections in political parties.

We have a plebiscite scheduled for next April, although there is an agreement between government and political parties to move it to October; I expect proponents to hike up again their efforts to move to remote voting when the political campaign ramps up and the memory of the global pandemic threat remains stronger than the memory of what an embarrassing circus the 2018/2019 electronic elections turned out to be.

NickMarch 24, 2020 7:41 AM

Blockchain being a trustless distributed ledger, verifiable by any party, what do you think of the following:

Demonstrate proof of residency in a given county/district, get your access key.

Use your access key to vote and to verify your vote. If the counted votes are published then anyone can enter their public key to verify how they voted, and election monitors can count the vote totals in a publicly verifiable way as well.

Tally the votes on the blockchain.

Is there something I'm missing, as far as feasibility?

Miguel FarahMarch 24, 2020 7:46 AM

@nick : If you can verify how you voted, then your vote is not secret anymore, and that breaks one of the general principles of public elections (that individual votes must be secret).

David RudlingMarch 24, 2020 8:07 AM

I understand the rather odd status of Peurto Rico in relation to the other 50 states and commonwealths. However if any part of a major democracy were to implement such a flawed voting system, then if undemocratic regimes were to copy that system they could justifiably claim that their elections were fully in accordance with the standards of a mnajor democracy and unassailable as to fairness. Manipulation of the results or the visiting of severe retribution on those who had voted the "wrong" way would of course follow but how could the major democracy criticise that electoral process?

Mr VerhartMarch 24, 2020 10:40 AM

@nick, as your employer, show me that you voted correctly in the election if you want to keep your job.

It is a good thing that you do not have the ability to prove your vote.

LorenMarch 24, 2020 10:58 AM

Bruce,

My household just received an invite to complete the 2020 census online.

Fully agree that Internet voting has all the issues outlined but doesn't Internet census response have the similar issues or worse? Seems that the same manipulation is possible and the impact could be even worse since it affects the next decade's worth of elections and other government power/resource distributions.

Regards,
Loren

Frank KienastMarch 24, 2020 11:47 AM

I know truly anonymous voting would be difficult to implement over the internet. But my question is - is voting really anonymous in person? Every time I vote, I hear the machine print some sort of paper record. Based on the order in which voters signed in, combined with this paper record, wouldn't it be possible to figure out how each person voted? Might not be tracked directly, but seems like it would be possible to figure out how a person voted if someone working at the polls was unscrupulous.

VMarch 24, 2020 6:10 PM

@Loren:
I stuffed my scruples under the mattress and did the online census. It turned out to be pretty flakey - I got dropped out partway through twice before I successfully(?) made it all the way through.

NickMarch 24, 2020 10:55 PM

@Mr. Verhart & @Miguel,

An individual vote would be like a bitcoin address. Anyone can go in with a public key and verify votes, but only the person with the private key can create the vote for that address.

It's not linked to your real world identity, you get a randomized, anonymized one when you demonstrate residency.

If your employer wants a loyalty check, you can give him any public key to 'verify'. Right before you report him to the cops for vote tampering/intimidation.

MrCMarch 25, 2020 4:02 AM

@ Nick:

1. Blockchain is only "immutable" if you have enough mutually distrustful nodes that no cabal of colluding nodes can muster more computing power than the rest of the network. The raises some huge problems: Who gets to be a node? Can ordinary citizens like me be nodes? (I'm not inclined to trust the results of an election if I can't be.) Or do expect us to just trust some corporation like Diebold to run all the nodes and not to f--k with the results? (If you think about it for a moment, the entire concept of a "private blockchain" is just pure stupid.) How do the nodes get paid? Or do expect them to do it out of patriotism? Most importantly, how do you avoid a 51% cabal in a two-party election? It seems unavoidable that whichever party has slightly more supporters who are nodes wins every race in an unexpected landslide.

2. You need some way to get the votes from the voters to the nodes. This needs to be secure, verifiable, and private. Which is our original design requirements all over again. So blockchain doesn't solve anything, it just moves the original problem into the "get the votes from the voters to the nodes" step. (And then it adds all the problems noted above.)

So, sorry to say, but internet voting is a terrible idea and adding blockchain would only make it even worse.

fmsMarch 26, 2020 3:59 AM

@Nick

If your employer wants a loyalty check, he can ask for the private key associated with the public key that you give him.

A Nonny BunnyMarch 28, 2020 2:01 PM

@Mr Verhart

It is a good thing that you do not have the ability to prove your vote.

Do you know how many people posted a selfie from the voting booth in the last elections here?
It's very easy to prove how you vote. I mean, you could maybe try to go to the effort of faking a voting booth and a create a fake copy of the ballot-paper, but you'll have to fake the GPS-location that your phone adds to the photo as well. And of course they could just be dropping you off at the voting booth and waiting for the confirmation photo. So ...

john henryApril 4, 2020 5:56 PM

I'm a bit late to the party but let me add my 2 cents:

I should point out one thing that Puerto Rico lacks that most other states have: Jokes about people voting from cemetaries, "vote early, vote often" and so on.

The reason we don't have those is because in the past 60-70 years, there have been no credible or serious allegations of voting fraud. The reason for this, in my opinion, is that it is pretty much impossible. Here is the basic process to vote:

1) Register. When you do this yout get a voter ID card that is at least as difficult, perhaps more difficult, to counterfeit than a drivers license or passport. This card cannot legally be accepted as ID, cashing a check, for example, other than for voting and related stuff.

2) On election day, same as presidential elections, polls are open for about 4 hours. We vote in an elementary school near my house. We show up and go to a classroom based on our last name. (8-10 classrooms) To enter, our finger is scanned with UV light.

3) Once in, we present Voter ID card and are checked against a list. Usually poll watchers from both parties do this.

4) If on the list, we dunk our right index finger in UV ink.

5) We get 3 paper ballots, Governor & resident commish, legislature and municipal. Ballots are colored to prevent mixup. We go into a small booth to mark them.

6) We fold the ballots and drop them in the appropriate ballot boxes.

7) As we leave, the UV gets verified.

In the event of a problem with the card, registration or such, there is a provision to cast a provisional ballot that is segregated until it can be ajudicated and added to the totals.

Absentee ballots are available to students and military outside of PR. In theory, they are available to others but a really good reason is required and it is apparently a tedious process.

There is some provision for early, but same day, voting for police, election workers and others needed for the elections.

In the case of people who can't get to the polls, hospitalized, for example, there is a provision for them to vote on election day in a supervised manner.

If this sounds like a lot of hoops to jump through, it doesn't affect turnout. Typically we have in the high 70s low 80%. I suspect, with no basis, that one of the reasons is the high degree of trust in the process. We may get politicians who make Chicago's look like altarboys but we do get them honestly.

Ballots are initially counted in each polling place then sent to San Juan for recounting and certification. We usually have a final, though uncertified, count by 7-8PM election night. The official, certified count takes another week or so but is almost never significantly different from the initial, election day, count.

I've voted in every election since 1976 though I missed a couple over the years because I was traveling on business.

If we go to electronic voting, I will surrender my voter ID card and will not vote again.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.