I voted online so you don’t have to
Alaskans can legally smoke marijuana, never pay state taxes, and vote online. Because freedom is something we take seriously and I know how to use computers, this year I chose to digitally vote as part of what the Council of State Governments calls an online voting laboratory. This is real voting (President, Senate, etc.) on real computers.
Alaska is the only state that allows any voter to cast their ballot online. Several other states allow some form of email or electronic voting, according to the National Conference of State Legislatures, but those jurisdictions mostly restrict e-voting to members of the military who are stationed overseas and are covered by the federal Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA), and a few select others. Since 2012, Alaska allows anyone to vote online. I wasn’t an early adopter of smartphones or FitBits, but I was determined to be among the first in our country to vote from the comfort of my bed on my dumpster-salvaged laptop.
Early October: “Let me Google this.”
I start with Google, which tells me that no states whatsoever allow online voting.
But I’ve been on the Division of Elections website enough in the past several years to know that there is an option vote to by fax and some form of electronic voting. The DoE page soon (in no fewer than 915 words) tells me that I can apply for e-voting two weeks before the election. But no sooner.
Monday, October 24: Go Time.
Today is the first day possible to apply for an electronic delivery ballot or even access the application. The instructions are available on a video beforehand, but if you want a head start, you’ll have to wait until today. But the “online” dimension of this soon begins to show its cracks. Early Monday morning I began my online voting by downloading and printing a two-page PDF.
You fill out a few questions, sign with a pen (digital signatures will be rejected), scan, and then email or fax the complete application to the Division of Elections. As I soon learn, you essentially have to work in an office setting or have a stellar all-in-one scanner-printer-fax machine at your house to be able to vote online. There is a lot of paper involved. At 1:31 p.m., I email my application to the DoE.
With the exception of an auto response Monday from the Division of Elections system, there is no word on my application. I wanted to get this thing done Monday, but I instead comfort myself by reading 4,904 words about how the 538 election model weights different state polls and factors a suite of economic fundamentals into their projections. You should too.
Wednesday, October 26: I’m in.
At 6:08 a.m., I receive a 661-word email from DoE letting me know that I can vote within 12-24 hours. Or at least that’s what I understand, based on the somewhat muddily-worded message:
“Email Notification of ballot availability through the Online Delivery System will be sent to you in the next 12 to 24 hours”
At 8:11 a.m., I open another email letting me know that I can access the “voter portal” at https://ak.secureballotusa.com. Game on, time to vote this election and be done with it. But this message is not from the Division of Elections, it’s from a different email connected to a non-governmental domain: firstname.lastname@example.org.
The same State of Alaska that depends on a 30-year-old mainframe computer didn’t go out and build a secure stack of software to manage a relatively groundbreaking internet implementation of our democracy’s most important function.
They hired a contractor.
Cómo Votar: I enter the rabbit hole.
Secureballotusa.com redirects to the Barcelona, Spain-based company that implements e-voting systems across the globe. Indeed, the domain name is linked to a Barcelona address for Scytl Secure Electronic Voting, the contractor behind Alaska’s system.
With a tagline of “Innovating Democracy,” Scytl is the global frontrunner in electronic voting systems–their CEO claims a 90% market share–and the contractor hired in 2012 by Alaska to build a secure system for electronic elections. Formed by cryptographers in 2001, the company has experienced massive growth and plans to have 800 employees by the end of the year. The firm clearly sees a global market: Scytl has teams based in Dubai, Hong Kong, London, Ukraine, and Bogota, among other locations. The American branch is registered in Virginia and has offices in Tampa, Florida and Oklahoma City. And they’re expanding fast, according to their website.
“Over the past years, Scytl has built a strong financial reputation thanks to a substantial growth rate ranging from 65% to 70% per year and the support of leading financial investors: Balderton Capital, Nauta Capital, Spinnaker Invest, Vulcan Capital, Sapphire Ventures, Vy Capital, Industry Ventures and Adams Street Partners.”
Who owns this thing?
An early tech billionaire and an international team of venture capitalists from Silicon Valley to Spain to Dubai have stakes in the company and are betting with their funders that the global trajectory of software eating the world will continue with state, local, national, and corporate elections. The company already does business with the UK (Brexit poll worker training), the Swiss Canton of Neuchâtel, the Norwegian Government, some sort of businessman-backed eDemocracy network in Russia, as well as Spanish McDonalds restaurants.
Not far from Sand Hill road, the Sapphire Ventures team leadership captures the flavor of international money behind Scytl. According to their website, Nino Marakovic “was born in Croatia, is an Austrian citizen and has also lived in Italy and Germany before settling in the San Francisco Bay Area more than 15 years ago.”
Across the Atlantic, Romanian-born former Goldman Sachs Banker Alexander Tamas, a past partner with the Russian Digital Sky Technologies now runs a Dubai-based venture capital and private equity firm that is among the investors in Scytl. They’re joined by Spinnaker SCR – a Spanish private equity fund under the Riva y Garcia group that invests in media companies that focus on “…the production, distribution and presentation of all kinds of contents, as well as the generation of application technologies for the sector…”
Closer to the Pacific Northwest is Vulcan Capital, an investment group led by Microsoft co-founder billionaire Paul Allen. His team is active in e-commerce in the Middle East and have within their portfolio a virtual reality play, a space launch startup, a small-molecule genetics biomedical firm and of course, Uber. They are joined by Industry Ventures, another Silicon Valley venture capital firm with bets on Twitter, Uber, and dozens of startups with bad logos.
The internet quickly turns George Soros-weird upon looking more into Scytl involvment in the United States. The web is full of allegations that Obama gave the company a processing contract for the US voting system (there is no federal voting system), and that George Soros is an owner. The company lists its investors online and Snopes found no evidence of Soros as an owner. The company is planning a 2017 IPO on the NASDAQ stock exchange, reports NovoBrief, shooting for a one billion dollar valuation, according to ASCRI.
The company points out that they have systems for avoiding conflicts of interest in their team. “In compliance with Scytl´s strict political neutrality policy, none of Scytl’s shareholders or senior management members have any political affiliations,” the website states.
As a citizen, I’d suggest it’s worth having at least a passing familiarity with the billionaires associated with your public elections.
Thursday, October 27: But first, some Election humor.
I open the link in my email, supply some relatively basic identifying data (last four digits of Social Security Number) and enter the world of election software jokes in the training materials.
For those keeping track, if the ptarmigan designation were to pass, this would add ambiguity to the status of our current state bird, the willow ptarmigan.
The video is currently enjoying the stellar review record on YouTube of four thumbs up and ZERO thumbs down.
There is one moment that makes use of a clip-art calendar in a rather aggressive way, showing a conceptual election day on the fourth Tuesday of the month (remember to vote November 22 everyone!)
Another strange moment happens when the woman’s doppelganger appears to witness her signing her voter certificate.
There is a shocking amount of origami involved if one is to return the electronic ballot by mail (which is indeed an option).
And finally, whoever runs the company’s YouTube channel also must have gone on an Easter candy-fueled video liking spree:
Upon reaching the actual voting page, it’s a bit surreal: I’m actually going to vote online. On the computer. From my bed.
You simply click on the oval. This is voting. No butterfly ballot and no autocorrect for this portion of the app.
You then cycle through your statewide races, local Alaska Legislature House and Senate races, Ballot Measure One and then on the retention of something like 26 Alaska judges, which you have obsessively researched over the nine months and are fully qualified to vote on. Once you’re done, you download the two files (PDF #2 and #3 of the process for those keeping track).
Friday, October 28: Let’s ship this thing.
I log back in to upload the ballot and certificate. I figured the system may give me some trouble because I left after completing my ballot, but before uploading the final document. No such trouble.
Here’s where computer literacy comes into play. If you’ve gotten this far, you’ll probably make it home free. But this isn’t one stop shopping online: you have to download, locate, unzip, print, sign, scan, and upload more documents before you’re done. If you run into trouble, the system provides a phone number with a South Dakota area code.
This is in no way faster or easier than voting in person. It’s like doing your taxes on paper for the challenge of it. For those who are used to being able to manage their financial and social lives completely online, this is not the same. There is a segment of occasional computer users who would have serious trouble completing this process. You need both printing and scanning technology. This is not something you can do from your phone, at least not without some elite workarounds.
I’m soon greeted with a screen that references the vocabulary of the Amazon tracking information that tells me when my order of knockoff camera batteries has passed through Louisville.
But there is some fine print.
(You also might note two misspellings in the DoE warning.)
I don’t recall ever signing a waiver when I’ve gone to vote in person. I’ve also never read the Google Terms of Service, which probably are relevant, given how much information it likely knows about me. But should I worry about my vote being modified, suppressed, or simply seen by others?
As many in the cybersecurity and election worlds watch Alaska’s experiment unfold, Steve Friess in the Intercept in 2014 called our system “a security nightmare,” with vulnerabilities to hackers on both on the user’s machine and enroute to the servers prior to being counted.
Friess writes, “Computer scientists have already done some of these things in controlled laboratory experiments, in some cases attacking the same systems that Scytl has deployed in other jurisdictions around the world. In fact just this week Joseph Kiniry, a principal investigator at Galois, an international cybersecurity firm, asked his team to figure out ways to alter locked, supposedly un-editable PDFs remotely without detection. It took them, he said, a day.”
A neon-colored link appeared on the Division of Elections website this week touting the security systems in place (ostensibly after the Trump campaign has floated the idea that the election is rigged, but the linked document makes no mention of the electronic measures.
Sophie Kleeman wrote in Gizmodo this week about the lack of a verifiable paper trail for online ballots and highlighted the pardox of participating in our online democracy:
“Online voting is often viewed in the same way as online banking and shopping, but there’s a vital distinction: voting is based on anonymity. Banking and shopping are solidly linked to a person’s identity, and that identification is a key weapon for preventing fraud. Online voting, however, requires both anonymity and proof of identity,” wrote Kleeman. “It’s the height of irony, really: the internet, a bastion for the faceless and the nameless, gets in the way of total obscurity.”
When the time comes for our country to have a serious conversation about the security of our voting systems, I fear that digital cryptography will prove to be a clunky topic. Even the very simple online descriptions push my understating of tech and security. “… specialized masking protocol in the voter’s device that ensures that voters’ choices are never known by the online platform or by any third-party device…”
Quick, how would you explain a blockchain to your grandmother? What do you (or Chuck Grassely for that matter) know about SSL and encryption?
I joined the 955 Alaskans who as of Wednesday have completed their online ballot. More than 16,000 in the three days came in person to vote early or sent in ballots by mail. It took me a week to complete, but Alaskans who want to vote online can apply for a ballot as late as Monday, November, 7th.
Scytl maintain an active research and publishing effort, with freely-availalbe papers like “Implementation of a Leakage-Resilient ElGamal Key Encapsulation Mechanism” and Fine-Tuning Groth-Sahai Proofs (For the uninitiated, “Groth-Sahai proofs are efficient non-interactive zero-knowledge proofs that have found widespread use in pairing-based cryptography. We propose efficiency improvements of Groth-Sahai proofs in the SXDH setting, which is the one that yields the most efficient non-interactive zero-knowledge proofs.”)
I haven’t been able to get complete information on the cost of the online voting system yet. A FOIA’ed document available online that includes a review of proposals lists a $250,000 license fee, $125,000 in annual subscriptions subscriptions, and $14,394 for ballot processing each election(costing about $74 per returned vote in 2012 by those numbers, not counting any additional staff or DoE resources).The state’s online checkbook system showed a paymbent of $198,017 in FY2013. In my searches, SOE Software, a Scytl subsidiary, received payments of $4,499 in FY15, and $24,200 in FY16, but I do not have complete financial information.