Grateful to web software developer Nigel McNie for his permission to reproduce this speech to Wellington City Council. Nigel also writes on IT security at at https://medium.com/@nigelmcnie. He has written a recent mythbuster against online voting and his thought provoking submission to the Justice & Elections Select Committee’s inquiry into the 2014 New Zealand general election is there as well.
This speech was given on the occasion of Wellington Council’s urgent special council meeting called, at short notice, and without prior consultation to meet the central government timetable to decide whether to sign up to the Department of Internal Affairs ‘trial’ of internet voting which may be held at the 2016 local council elections. The council voted to participate by 8 votes to 6.
Mayor Wade-Brown, Councillors, thank you for this opportunity.
I jointly run software development firm Opcode, which has half a million
dollars revenue, and clients in NZ, the US, and the UK. For one of our clients,
we write an online system containing the medical records of thousands of UK
citizens. For several clients, our code and infrastructure have been subjected
to penetration testing by security professionals.
Given this experience, I have a lot to say on the subject of online voting. As
such, I was deeply surprised to read in the agenda for this meeting, the note
that “no consultation is required for this decision”. This is at odds with the
DIA report on online voting, which says “it is advisable to engage in
meaningful public consultation both on the concept of online voting and the
sort of system envisaged”. If this meeting is it, then this is not enough.
The benefits of online voting have not been shown. The DIA report itself
concludes there is no good evidence that online voting raises turnout. Yet in
return, online voting opens the election up to massive new risks that don’t
apply to postal voting.
Hacking is a risk. Consider the Ashley Madison hack. Like the Death Star, one
small hole destroyed the entire website. And there have been hundreds of hacks
this year alone. The Walmart hack, the Sony hack, the US Govt OPM hack, the
Carbonic heists… these are big names!
Phishing is a risk – that’s emailing people links, for example to fake websites
that LOOK real – like what happened to immigration.govt.nz recently. The danger
there is that during election time, everyone could be emailed directing them to
a fake site where they could be tricked into entering their credentials.
Hackers could then cast real votes on behalf of the tricked people.
Malware is also a risk, and could be used to manipulate people’s votes before they
even arrived at the online voting system. No matter how perfect the system is,
such manipulation can be done in undetectable ways.
These problems are all unique to online voting, and they are caused by the
structure of the internet as it exists today. That same structure also means
these problems can be exploited by people anywhere in the world – which is not
true of postal voting.
In 2004, internationally renowned security expert Bruce Schneier said: “Building
a secure Internet-based voting system is a very hard problem, harder than all
the other computer security problems we’ve attempted and failed at. I believe
that the risks to democracy are too great to attempt it.”
Nevertheless, a bunch of countries have tried – and the results have been poor.
Out of the 12 studied in the DIA report, 6 have either discontinued their
systems, or in the case of the Netherlands, has banned online voting entirely.
And of the remaining six, none of them have provided good evidence of increased
I understand that Wellington wants to be seen as a hi-tech, progressive city,
but rushing into a politically binding rollout of online voting without
adequate consultation does not send that message. Councillors have a
responsibility to carefully tend our democratic functions, and it makes no
sense to be guinea pigs in a system with such massive risks when no benefit has
I urge you to vote ‘no’ to this proposal, at least to allow community
consultation to occur.