My hacker friend Mason is fond of saying that whenever he explains a computer security issue to a nontechnical person, he gives them one simple set of instructions. "If you're talking about doing something with the Internet, just put the word 'evil' in front of it," he told me with a grin. "That way, you can say you're sending e-mail over the evil Internet, or you're doing banking over the evil Internet. I find that this really helps to clarify the issue."
What Mason means is that the Internet isn't secure, and therefore it doesn't protect you against evil. When you chat on the Internet, you're not chatting in private. When you do your banking over the Internet, there are dozens of ways for an industrious hacker to snarf your password and take over your bank account. Using the Internet is like walking down the street in New York City. Most of the time, you'll have no problems. But once in a while, somebody will steal your wallet, eavesdrop on your conversations, or abduct you and beat you senseless.
And that's just one reason there's an electronic voting issue everybody can agree on: Internet voting sucks.
Although the whole electronic voting-machine issue is only getting uglier and uglier as November draws near, at least we can rest assured that nobody – not even Jeb Bush – will try to make us vote over the Internet. Back in January, a coalition of Democrats and Republicans representing U.S. citizens overseas worked together to stop a proposal that would have allowed out-of-country voters to mark their ballots online.
This bipartisan attack on Internet voting was bolstered by an independent report on the government's Secure Electronic Registration and Voting Experiment, a system for Internet voting slated to be rolled out this year. The authors of this report, a team of computer security experts and professors, noted, "The vulnerabilities we describe cannot be fixed by design changes or bug fixes to SERVE. These vulnerabilities are fundamental in the architecture of the Internet." (You can see the whole report at www.servesecurityreport.org.)
Boiled down, what the report said was, "Don't vote on the evil Internet." Similar kinds of reports, written by well-credentialed experts, have been issued about our current crop of electronic voting machines too. But the political response, while nonpartisan, has been a lot less emphatic. Sure, there are a couple of bills making their way through the House and Senate that would force counties and states to make their e-voting machines a bit more secure by producing what are called voter-verifiable paper audit trails (basically, paper versions of your electronic ballot that you can check for accuracy and use in a recount). But there's been no call to halt the use of these machines entirely, the way there has been in debates over Internet voting systems.
Granted, the e-voting machines many people will use in November won't be sending our votes over the evil Internet, but they're nevertheless insecure. More important, they're subject to all kinds of random screwups. By now you've probably heard countless reports of how an Electronic Systems and Software iVotronic machine lost more than 100 votes in a 2002 Florida gubernatorial election, and hundreds of voters in southern California couldn't cast votes in a March election because their Hart InterCivic machines broke down unexpectedly. And let's not even get started on Diebold, the company that's now notorious for getting its machines banned in California for loading software on them that hadn't been certified by the state.
The obvious question is, why are people freaked out about Internet voting but not so much about e-voting machines? The answer is simple. It's too late. No matter how many reports we write, no matter how many bills we shove through congressional committees, people will be voting on shitty-ass machines in the next election – machines whose security makes Windows XP look like OpenBSD. Luckily, there are activists and policy makers who are trying to make these machines work as smoothly as possible come November (check out www.verifiedvoting.org). Often these are the same people who are making it safe for you to do banking and credit-card transactions online.
As usual, the high-tech marketplace is moving faster than the democratic ideals that made its rapid expansion possible. Sometimes that's a good thing. I hope this November we don't have to learn a hard lesson about what happens when it isn't.