Reading Bruce Schneier’s first post-election post, Election Security it was interesting how we had come to essentially the opposite conclusions about the US election being hacked. This is because he took a very narrow definition of the word ‘hacked’ to focus exclusively on known, reported events or suspicions about the integrity of electronic voting machines. I took a broader view, where I took into account the hack involved considerable social engineering, attempts to limit voter access and public misinformation.
In the wake of what has happened and will happen here(leaving aside some of the darker prognostications), it simply does not make sense to look at the election in such narrow terms. I felt a certain quaintness reading this essay. From the misplaced confidence in systems that are obviously broken, to the final conclusion:
We need to have these conversations before something happens, when everyone can be calm and rational about the issues.
The problem is something DID just happen, and people are clearly not calm and rational. I know calmness and rationality are matters of degree, and things can clearly get worse, but it seems to me we are already having the public reaction that Schneier so fears if we were to have a publicly exposed technical hack of election machines. Why? Because the public, or most of it anyway, understands that this was a hack. They know what happened was wrong, and our system was gamed and played on a level that can only be adequately described as a hack.
Which systems are broken? Political opinion polling is broken. It did not work in this presidential election. Political opinion polling is largely how you are able to determine if electronic voting systems are hacked. If you do not have good polling data, you have lost one of your main tools for determining if voting machines are producing inaccurate results. So, I see it as kind of quaint to even think you would be able to determine this. In fact, the historically most accurate polls, exit polls, indicate precisely that there was indeed fraud, and the election was indeed stolen in the swing states where it mattered. This is described by Greg Palast here.
So, do I agree with the general thrust of Schneier’s post that we need more and better security policies around electronic voting? Well, no, I don’t. I don’t think electronic voting is viable in our democracy at this time. There is just too little trust. Bits are too easy to change, too easy to copy or surreptitiously alter. To have confidence in your bits, you must have confidence in your institutions. When your institutions fail you, your bits may fail you too. Throughout our history, we’ve always had the physical goods, the paper ballots, as cumbersome, antiquated and unwieldy as they were. It turns out these properties are exactly what make them good. Paper ballots are easy to verify, easy to recount. When you have paper ballots, you can have confidence in your results and they are provable.
To so many people, what our software does in contrast is magic. People in general don’t understand how it works, and our legislators who are permitting the proliferation of software-controlled-elections don’t understand it either. So Bruce, the horse has turned into a car and left the barn, and I see you back there talking about how we can improve the saddle.