It’s an election year, which means it’s time to talk about election tech — again. In February, the dysfunctional Iowa caucus app resulted in chaos across the state, the Nevada caucus made a last minute decision to abandoned its plans to calculate and report results with an app, and Los Angeles’s brand new voting machines faced some technical difficulties and didn’t prevent hours-long lines at the polls. The Iowa caucus app, in particular, highlighted the complexities and risks of moving elements of the voting process online.

Caucus Cock-ups

While speculation about election interference — whether by Russian government agents or threats closer to home — can be hard to substantiate and is often grounded in xenophobia and political jockeying, privacy and security remain major concerns when it comes to online voting (where voters use an app or a web portal to cast votes from their own digital device) or app-based caucusing tools (like the Iowa app).

The Iowa caucus debacle provides a case study in what we already know to be true: election tech is complex to implement, hard to safeguard, and risky to outsource to private companies. Though traditional paper-based or machine-based voting processes are certainly fallible and in need of improvement, the push towards online voting or vote reporting is largely driven by private companies that stand to profit, while voters and the democratic process itself have the most at risk.

As has been well-reported, the rollout of Iowa caucus app (called “IowaReporterApp”), was a disaster in terms of function and implementation. Built by small Washington-based vendor Shadow Inc. and partially funded by Democratic nonprofit group Acronym, the IowaReporterApp was intended to help precinct captions report out the multiple sets of caucus results. On the face of it, the app’s function — to upload and transfer caucus totals to party headquarters — was simple, even modest compared with systems designed to allow voters to vote directly using an app or web portal. However, the app still failed, with reporting problems that the Iowa Democratic Party chalked up to a “coding issue," and user interface glitches that meant many precinct leaders were unable to log in or use the app successfully.

There is no indication that the app failure was due to interference or malicious activity. Instead, cybersecurity and digital voting experts generally agree that the app was insufficiently field-tested, and perhaps sloppily coded. Android developer Kasra Rahjerdi told Motherboard that the app looked to be a "very off the shelf skeleton project plus add your own code kind of thing." Dan Guido, CEO of cybersecurity consulting firm Trail of Bits, agrees, saying the app “looks hastily thrown together."

After analyzing the app, Sean O’Brien, our editor at The Privacy Issue and a researcher at Yale, notes that he found “nothing glaringly non-private or insecure beyond the typical usage of Big Tech services” like software development kits from Google and Facebook and an authentication service hosted on Amazon Web Services, emphasizing that the amount of cloud-linked code increases the number of potential points of attack. The coding error which resulted in initial incorrect voting reports, and the problems many users faced when trying to install the app, undermined essential trust in the app and the caucus results in general.

Trust and anonymity are central tenets of American elections. Voter anonymity is necessary so people can’t be pressured or incentivized to vote in a certain direction. Voting needs to be trusted and trustworthy, which is why physical polling places usually have witnesses, and every vote should be accounted for (while not being traceable back to an individual voter). Paper-based elections are far from incorruptible, but they have one benefit: attacks do not scale. Tampering with paper-based votes on a wide scale requires massive human effort. However, once a voting process moves online and to personal digital devices, or once tabulated votes are transferred over the Internet using an app or other interface, points of weakness proliferate and attacks become infinitely easier to scale.

The push towards Internet-enabled voting goes much further than the examples we saw at this year’s caucuses, with lobbyists and nonprofits alike rolling out initiatives that would allow the entire voting process to happen online, without the need for voters to go to a polling place. Already, blockchain-enabled voting system Voatz has been used in a number of minor U.S. elections, including the 2018 West Virginia state elections, where it was used to allow a number of military members and Peace Corps volunteers to vote remotely from their own devices. Voatz has also faced heavy critique by MIT researchers for its potential vulnerabilities to attack. They conclude that “Given the severity of failings discussed in this paper, the lack of transparency, the risks to voter privacy, and the trivial nature of the attacks, we suggest that any near-future plans to use this app for high-stakes elections be abandoned.”

A Solution Looking For a Problem?

In outlining the risks and complexities of electronic voting, there’s already a major assumption at play: that there is demand for online voting (or Internet-enabled vote counting) in the first place. With all the chaos and confusion at the Iowa caucus and so much pundit ink spilled to bemoan the potential for hacks or subterfuge, what is the benefit? Americans have been voting in person for centuries, and while the process has many (many) problems and inefficiencies, there are well-established methods for mitigating risks like voter fraud. A transition to more widespread online voting or vote reporting would be a huge lift in terms of software development, security testing, system maintenance, and voter education, especially if the demand isn’t there.

“There is widespread pressure around the country today for the introduction of some form of Internet voting in public elections” says David Jefferson, a computer scientist at Lawrence Livermore National Laboratory. “If Estonia can do successful online voting, why can’t we?” asks everyone from Forbes to Time. What the specifics of this “widespread pressure” looks like is less clear, with no centralized voter-led lobbying groups for online voting, and the state-by-state (or city-by-city) nature of elections means it’s hard to track where this demand is strongest.

On the other hand, there is some evidence of a strong interest in electronic ballots coming from voters and potential voters. A 2016 Consumer Reports survey of 3,649 voting-age U.S. citizens found that around forty percent of likely voters said they’d choose Internet voting from their own device if it was offered, with people under 30 especially enthusiastic. It’s hard to know how these self-reported numbers would translate in a real election situation, but forty percent is nothing to scoff at.

Perhaps the strongest factor driving the various pushes towards electronic voting is a sense of technological inevitability. We already bank online, order food and transportation online, monitor home security and adjust our thermostats online, and find love online. People are increasingly accustomed to sharing personal information (from photographs to financial data) with a diverse range of apps and service providers. There is a powerful sense that we just will move to online voting, because technology wills it so. “It just seems like we should be able to[vote online],” said Diane Harris, a disgruntled voter who spoke to Consumer Reports. Despite her reservations around the security risks of online voting, Commissioner Christy McCormick of the Election Assistance Commission echoes that sentiment, saying “One way or another, we’re headed in that direction, people want to vote the way we live. People expect it.” And it seems they do.

Tech companies are more than happy to push this kind of technological determinism. Travis Kalanick, Uber co-founder and ex-CEO, frequently spoke about Uber’s rise as an inevitability, a done deal. “In a world where technology can deliver the ride you need within five minutes wherever you are in the world,” he said in 2015, at a time when “wherever you are in the world” was certainly a massive overstatement, “just imagine all the other goods and services that you could get delivered quickly, safely, with just the single touch of a button.” Uber pegged its growth to a vision of a future marked by total convenience and ubiquitous availability, which no doubt helped win over city governments whose buy-in was needed in order to increase Uber’s market penetration. For Elon Musk, technological determinism extends to the certainty that artificial intelligence will emerge — and likely sooner than later — to become the “biggest existential threat” to humanity. Compared with globalized delivery logistics and sentient AI, Internet voting seems like small potatoes, and thus perhaps even more inevitable. “Online voting: we can do it! (We have to)” says Hilarie Orman, software security expert and former chair of the IEEE Computer Society’s Technical Committee on Security and Privacy.

Do we have to, though? Voting is not a market to be captured. Applying a techno-solutionist lens and a rhetoric of inevitability has been an effective way for tech companies to drive products to market and convince people to purchase products and systems that promise a streamlined, technologically-advanced future. But applying the same market logic to the process of democracy is risky and shortsighted, and almost certainly against the public interest.

“Move Fast and Break Things” versus Democracy

The public sector necessarily works differently than the private sector. Venture-funded startups are obliged to move fast and scale quickly, working towards market dominance in order to eventually provide a return on the funders’ investment. Corporations are beholden to their shareholders, with a responsibility to return a profit above all else. In contrast, local, state, and federal government have a responsibility to ensure that processes and policies serve their constituents — that is, all of us — and to allocate resources effectively and equitably. Of course, this doesn’t always happen in practice, and millions of Americans suffer under the leadership of corrupt or merely inept officials. Still, the principle remains. Decisions around voting protocols, election administration, and other civic processes should be made to ensure that the processes will be accessible, accountable, and effective.

The embrace of minimally-tested and privately-developed election tech is an abdication of these responsibilities. Government can be slow and seem inefficient, and can be infuriating for those trying to get things done or improve processes. For folks coming from a “move fast and break things” background, the glacial pace can be infuriating. But ceding the responsibility for democratic processes to privately-developed tech providers is a shortsighted response to a complex set of problems. For governments and councils that often don’t have the internal resources to create and implement robust technological solutions, the whizz-bang promises of tech companies and the appeal of a futuristic solution is obvious.

Built as it was on cobbled-together, off-the-shelf code, the IowaReporterApp is a product of this kind of tech logic, where a minimum viable product is adequate to ship as long as seems to function well enough to superficially meet user needs. In the case of Iowa, though, it turned out to be a public and spectacular failure at the moment it mattered most. Regardless of the possible security issues, the IowaReporterApp was a failure at the level of design and user interface. Though paper-based voting processes and in-person polling places are old fashioned and seemingly retrograde, they are tested, predictable, and relatively difficult to attack at scale. Democracy is not just another market to be disrupted.

Transitioning a process — be it voting, shopping, banking, or dating — into the digital realm has a whole set of consequences outside of just the risks of hackability or complexities of user experience. Most notable, digitization can lead to the creation of massive amounts of data that can be collected, tracked, and analyzed. The information that’s relevant to the process in question (bank details, purchase information, sexual preferences) is only the tip of the iceberg. When we shop, interact, and navigate around the Internet our every keystroke and mouse click contributes to the massive troves of data that we generate and that companies collect. Electronic voting means that another process, this one central to the functioning of our cities and country, enters the realm of the trackable, and becomes a space where private companies can extract more profit.

Organizations like Berlin-based Tactical Tech are quick to point out that corporations and political lobbyists already collect and purchase massive amounts of data about our political preferences, lifestyles, and online habits for the purposes of targeting political advertising and other forms of political persuasion. These are generally “for-profit companies, with the primary aim of generating, maintaining and growing revenue,” says Tactical Tech, who also ask “what happens when the techniques of the marketing industry become the tools that influence our democracy?” So far, though, the act of voting itself has been mostly exempt from this extractive logic.

Shadow Inc. has not publicly disclosed what kinds of ancillary or tracking data is collected from those who downloaded or used the IowaReporterApp, but it would be eminently possibly for election apps to contain surveillance software. Indeed, in 2017 researchers detected trackers in 75% of the 300+ Android apps they analyzed, that collect user data for purposes like targeted advertising or location tracking. Since then, we’ve learned much more about these trackers, with the same researchers at Exodus Privacy now reporting hundreds of trackers in many thousands of apps.

Though the IowaReportApp itself seems clean from sketchy, third-party trackers, it still utilizes Big Tech code that can leak information from voters to powerful data brokers. The proliferation of similar apps that may be required for future elections and polling are a likely threat to the democratic process. As the spread of the COVID-19 strain of the coronavirus causes a global pandemic, we may see a push for voting via mail and, potentially, the rise of more remote voting apps.

Online voting that takes place from personal devices like laptops and phones is a concern, given that Big Tech companies like Google and Facebook are constantly tracking our behavior and movements online, up to and potentially including our activities around online voting. Even assuming voter privacy is well protected and online voting systems are secure from breaches, the metadata produced around the voting process and the data exhaust produced as we move through the Internet and engage with online systems is susceptible to collection and use.

The ability for private companies to collect massive amounts of data about our online movements and activities is another way that “public good” activities like voting can be used for private profit when they are transitioned into the digital realm. Submitting to data collection is an increasingly-inescapable fact of being online, whether or not it is ethical or sustainable as a fundamental framework for the Internet. Bringing the processes of voting and civic participation in elections online and into the realm of this extractive data regime would provide yet another opportunity for private companies to profit from our every action.

Technology Amplifying Inequity

While the IowaReporterApp and the many nascent variations of online voting systems may mostly be “insecure technological solutions to problems that don't exist” as Motherboard put it, it would be disingenuous to claim that there aren’t problems with the current system. Aside from systemic and entrenched issues like ongoing voter suppression and gerrymandering, voter turnout has hovered at around 55% for Presidential elections for the past half century, methods for collecting and recording votes are wildly inconsistent from state to state, and voters in some areas face massively long lines or confusion on election day. If electronic or online voting isn’t the answer to solving election woes — and it pretty clearly isn’t — then what should be done instead?

Voting is a design issue. Every step in the experience of voting, from registering to waiting at a polling place to filling out a ballot, involves design challenges. Of central concern, the actual ballots vary widely in terms of design, with states and cities left in charge of designing ballots for their own elections. Famously bad ballot design, such as the notoriously-misaligned “butterfly ballot” used in Palm Beach county Florida in the 2000 Presidential election, can sway outcomes and result in thousands of miscounted or discarded ballots. Groups like the Center for Civic Design strive to provide research-backed guidelines for designing clear and effective ballots, but it’s estimated that ballot design flaws contributed to hundreds of thousands of lost votes in recent elections. Adding an electronic interface to the equation is likely to exacerbate design problems. As caucus leaders in Iowa found, even downloading and installing an election app can be a challenge. Digital interfaces can have additional navigation difficulties, like candidates who aren’t visible unless voters click a button to view “More...” or submission buttons and touchscreens that are glitchy and hard to use. Across the board, better ballot design and rigorous testing of ballots and electronic interfaces could help improve voter experience and minimize risk.

Voting is an access issue. Access and convenience are common reasons cited by activists and technologists pushing for online voting. After voters in some areas waited over three hours to cast their votes on Super Tuesday, these concerns are more valid than ever. Inaccessible polling places and lack of accessible voting machines are impediments to disabled voters and may prevent disabled voters from casting a truly private and independent ballot. Black and Latinx voters face more obstacles on average than white voters, including long queues and closure of polling places in states like Texas. Even enrolling to vote can be complex, with impediments to those who move often or lack identification. For these reasons and more, online voting is proposed as a cure-all to reduce barriers and improve voter turnout. However, recent evidence from Iowa and beyond shows that technology can create new barriers: people with lower levels of digital literacy can struggle to access and use online tools, and technical glitches and errors can be off-putting and dissuade people from using or trusting online systems. Instead of jumping to techno-solutionism, states and cities need to invest in accessible polling places, improved voter registration and verification systems, and possibly increased mail-in voting capabilities. Building accessible elections isn’t cheap or easy, but it’s a civic duty.

Voting tech needs to be slow tech. Compared with other processes, voting should be one of the places where technology is adopted the most cautiously and methodically. We’re living through a time when more and more of the world is being organized to be legible to machines that “think” very differently than the way that humans do. The wide adoption of algorithmic decision-making and machine learning mean that we’re asked to relinquish control and trust to “black box” systems, which are built on processes that are essentially untraceable and opaque.

In many aspects of life, we’re learning to accept the rise of mysterious software intermediaries. Perhaps, though, democracy is one area where we can’t risk the alchemy of blockchain or the wizardry of complex code. Because, unlike a glitchy consumer product or a buggy piece of software, an election can’t be “fixed” by just rolling out a patch or upgrade. Once voters arrive and ballots are cast, it’s too late to fix the bugs, redesign the interface, or increase the security.

Whether you’re concerned about foreign interference or just want to make sure that your grandma doesn’t get bamboozled by a complex new digital interface, it should be in all of our interest to insist that election tech is held to a different standard than your average Silicon Valley innovation. Democracy is hard, it’s costly, and it’s easy to undermine. But we can — and must — ensure that the tenets of privacy and transparency are upheld. To do this, we should direct our focus to fundamental problems with election integrity rather than being driven by a predetermined solution, implementing new technology cautiously and with the best interests of the most people in mind.

Election tech can be as complex as a blockchain-enabled interface. It can also be as “low-fi” as making polling places accessible, changing the font size on a paper ballot, or allowing prisoners to vote. There’s a ton of hard work to be done to make elections in the U.S. more equitable, and it’s up to us all to make sure our efforts are aimed at the right problems.