Voting Technology
Rethinking Online Voter Registration
Remarks by Kim Alexander, President, California Voter
Foundation
Presented to the California State Senate Elections and Reapportionment
Committee Informational Hearing
December 14, 2007
Good morning. I’m Kim Alexander, president and founder of the California Voter Foundation, a nonprofit, nonpartisan organization advancing the responsible use of technology to improve the democratic process, online at www.calvoter.org.
Eight years ago I served on the Secretary of State’s 1999 Internet Voting Task Force. Our report, http://www.ss.ca.gov/executive/ivote was issued by Secretary of State Bill Jones in January 2000, and we concluded then that Internet voting was not a secure voting method.
The task force also considered using the Internet for voter registration. We recommended against an all-electronic online voter registration system because we found that the security risks outweighed the convenience such a system might provide, concluding that “such a system would also be an invitation to automated, large-scale vote fraud”.
In the years since our report was issued, a number of government transactions have moved online and been made much more convenient for the public, such as registering an automobile or checking on jury duty status.
However, voting is unlike other transactions -- you only vote once, you cannot transfer your ballot to someone else, you cannot sell your ballot, you cannot allow someone else to vote for you, and you must vote your local ballot since your district assignments are based on where you live.
Although we are not talking about online voting, there are many qualities in the voter registration process that are unique, lie the voting process -- you can only be lawfully registered to vote once, you must be registered at your current location, and you cannot allow someone else to submit your registration form for you without your signature and authorization.
These qualities of voter registration make it a unique and challenging transaction. Here are some of the concerns raised about the technology that would be needed for online voter registration by the 1999 Internet Voting Task Force:
• with a paperless Internet registration system, the possibility of registering fraudulent or ineligible voters can be automated.
As the Internet Voting Task Force Report concluded: “The danger of automated, large-scale vote fraud through fraudulent Internet registrations, possibly committed by persons outside the U.S., is so severe that we believe no system should be certified that does not have strong means of identifying the registrant.”
At the time the report was written,there was no widely available, standard way to verify a person’s identity over the Internet. The Help America Vote Act had not yet been enacted, drivers license numbers were not required to be provided on the form, and registrations were not cross-checked with DMV and Social Security records.
Today these requirements are part of the registration process, and potentially provide a “strong means for identifying the registrant”, which in turn opens up the possibility of online registration. But how secure are drivers’ license numbers?
The Driver’s Protection Privacy Act (DPPA) of 1994 restricts access to state motor-vehicle records and disallows public access to driver records as well as their sale for commercial purposes. Law-enforcement agencies, insurance companies, businesses performing ID verification, and investigators serving court business such as subpoenas are still allowed to access driver records under the DPPA.
However, one way the private sector is getting around the DPPA is by gathering driver records directly from drivers when they provide their driver’s license. Driver’s data is encoded in the license’s magnetic strip. Many bars and night clubs have started utilizing scanners to verify patrons’ age at the door; some also download and retain the patron’s driver’s license data gleaned from the magnetic strip, such as name, address, birthdate, and driver license number. A recent Google News search turned up numerous articles in recent weeks about the use of such scanners and the privacy and security concerns their use has raised.
If someone could obtain drivers license data, they could cause all kinds of problems for voters, like reregistering them to vote at different addresses or changing their party affiliation so they can't vote in their party's primary. This could be done in a selective way to suppress the votes of certain voters.
Questions/Concerns
1. How hard is it to obtain California drivers license numbers?
2. Do counties suppress this data when they make voter registration records available to secondary users, such as political campaigns?
3. Is there a state law requiring this data to be redacted?
4. If someone looks up an affidavit in a county election office will they see the drivers license number?
5. What are the policies in place at the DMV to protect drivers license data internally from unauthorized employee access?
6. In Arizona’s system how do you know if someone is registering or reregistering themselves, and not having someone else do it?
7. In Arizona’s system, how does the digital signature work?
We have concerns about DMV’s current handling of voter registration records. In 2004, the California Voter Foundation conducted a survey on voter participation. Among the 1,000 Californians we interviewed who were eligible to vote but not registered, 18 percent said they thought they had registered through the DMV.
8. Why are people falling through the cracks, and what changes would be implemented to ensure that that the DMV is properly handling its voter registration role?
The 2000 task force report noted several other security issues:
Digital Signatures
According to the task force report:
“Citizens would create public-private key pairs and register the public keys with a certification authority. They could then participate in various cryptographic protocols, and could, for example, digitally sign their requests for registration via the Internet.”
However, while a digital signature on a registration request proves that the request came from a holder of the private key, it does not prove that the key has been kept properly private, i.e. that it has not been "shared" with others, or stolen. More importantly, it does not prove that that person has only one such key, possibly issued by different certification authorities. A person with multiple keys might freely register multiple times.”
Eligibility
“Even assuming that we could verify the identity of potential voters, an Internet voter registration system should also verify their eligibility, i.e. determine citizenship, age, legal residence, and that the person is still alive”.
Non-duplication
“It is easy to detect when a person registers more than once using the same identity in the same county, and to either ignore it, or treat it as a re-registration. But to detect if a person is registered to vote in more than one county or state requires cooperation among the 58 California counties, or the 3000 counties in the U.S. As before, the current paper based system is open to this kind of fraud at a small scale; but committing it on a large scale would be a tedious process, probably involving the efforts of many people to fill out enough registration forms needed to succeed. With Internet registration, however, the fraudulent registration process could be automated by a single person, from anywhere in the world, leaving no physical evidence.”
Malicious code
“There is also the danger that the voter registration process might be interfered with by malicious code infecting the computer used for paperless registration.”
There are many innovative and helpful ways the Internet can be safely used to facilitate voter participation. Here are some incremental changes that could be tried out in California before attempting to implement online voter registratio
-
Provide a web service that voters can use to look up their registration record, see whether they're currently eligible to vote in the next election, see the location of their polling place and the date and times it will be open, see if they will be receiving an absentee ballot or not, check if their mailing address is correct, etc.
-
Provide a web service to allow people to view and download a sample ballot for their precinct.
-
Provide a web service to allow people to check the status of their absentee ballot. Has the ballot been mailed to them yet, and if so, on what date? Has the returned ballot been received by the county, and if so, on what date? Also, let people find out where the nearest place is to drop off their absentee ballot in person.
-
Provide a web service to allow people to check whether their provisional ballot was counted.
-
Provide a web service to allow already-registered voters to request an absentee ballot for the upcoming election.
If we make it easier for people to register to vote perhaps more people would do so. And that would be a good thing. But generally, I have found in democracy and technology issues there is a tradeoff between convenience and security. We can maker registration really convenient, but if that convenience opens up new opportunities to fraud then it will erode people’s confidence in the system and in turn their desire to participate at all. My advice is to tread carefully, gather more information, and try out some incremental steps before we head down the path of online voter registration.
There are no computer scientists involved in this hearing, and it’s important that we involve people with technological expertise as we consider these ideas. I would urge the Legislature to reconvene the Internet Voting Task Force, and make sure it has ample funding to bring together a wide variety of experts to study the possibility of online voter registration.
Site Map |
Privacy Policy | About
Calvoter.org
This page was first published on December
18, 2007 |
Last updated on
December 18, 2007
Copyright California Voter Foundation, All Rights Reserved.