Two weeks have passed since Utah Republicans got to vote online for the first time.
Was it a success?
Computer experts would say it’s impossible to know. The key to hacking an election is making sure no one knows what you’ve done. Utah GOP Chairman James Evans, however, says yes.
“I think we had tremendous success,” he told me Tuesday by phone. About 27,000 people cast ballots that way. People, mostly LDS missionaries, voted from 45 countries.
He is planning to recommend to the Republican Central Committee that online voting happen again in 2020, if there is a presidential caucus.
This does not, however, mean we’re any closer to voting on our smart phones in a primary or general election. As Evans is quick to note, the Republican Party is a private entity, not a government.
You may have noticed that parties put their own stamp on the presidential nomination process, from the Democratic “super delegates” to the different ways each state decides how to divvy up delegates to the way many Republicans hope to broker a convention outcome that makes all previous voting more or less irrelevant.
Democracy is a fungible concept where parties are concerned.
Not too long ago, party bosses were making all the big decisions. We’re conditioned to see old-fashioned democracy as the gold standard for all political considerations, but good reasons exist for the ways parties act. This year has shown that too much democracy can cause a party to lose control of its platform and principles.
But that doesn’t mean you can afford to let people think your selection process is vulnerable to fraud.
Perhaps I should rephrase that. Every political process in which votes are required is subject to fraud, whether it’s done with paper and pencil at a polling place, by mail-in ballots or with electronic machines on a dedicated system.
The hope is that online voting won’t be any more vulnerable than these. Evans thinks that can be so; others disagree.
The great Utah Republican online experiment wasn’t the first time an election was held online. That doesn’t make anyone feel better.
None of the previous attempts has been shown to be completely secure. That includes often-cited Estonian elections, which are conducted using the same private company, Smartmatic, that handled Utah’s Republican caucus.
A study by the University of Michigan, with help from several international experts, found “… the procedures Estonia has in place to guard against attack and ensure transparency offer insufficient protection.”
The study found many ways an attacker could manipulate the outcome or, just as bad, cast doubt on it.
In 2010, Washington D.C. held an internet voting pilot project and invited people to try to compromise it. Less than two days later, University of Michigan researchers gained control of the election server. It took another two business days for anyone in Washington to notice.
A report last month on wired.com said Utah’s online voting was giving security experts “heart attacks.” The publication quoted experts who said the system could be vulnerable to people who attack personal computers or devices and send them to hoax sites, or that they could initiate a “denial of service attack” against a geographic area where people are more likely to vote for one candidate over another.
Evans believes the Smartmatic system guards against problems by letting people use unique pin numbers to verify a vote was cast for the intended candidate.
His concerns are more for the 13,000 or so people who tried, but failed, to register online. Most, he said, were people who made mistakes, such as recording their own birthdays wrong.
Next time, he wants to send everyone who registers a confirmation letter, to which they must respond.
But next time is hard to predict. Utah may not see another presidential caucus as important for a while. In 2020, the nomination could be wrapped up by the time the circus is scheduled to come to town.
Four years is forever in the computer age. But, while I admire Evans for his confidence and for his desires to help people participate, I’m guessing Internet voting will be just as controversial, and vulnerable, then as now.