Tuesday, November 2, 2010

Thoughts on Online Voting

I can apply for loans, communicate with doctors, and do any number of other sensitive things online, but to vote I must go somewhere (which may be close to where I live but far from where I work) and wait in line, or send a bunch of stuff through the mail. These transactions costs are just as real as any other costs, so theoretically their elimination would be an unambiguous win for society.

The cynic might say that the nonexistence of online voting is deliberate. If online voting is allowed, the demographics of the turnout would be much different (i.e., more busy young people), which might be to the disadvantage of those in power. It's easy to see that the most passionately political people and those with the most spare time or the shortest commutes are overrepresented in the final tally. Whether this is good or bad is an open question.


Josh Hattersley said...

The reason we don't have online voting is security (or lack thereof). If your loan application is compromised, only you are fucked; if a nationwide online voting system is compromised, the whole country might be fucked (due to subsequent vote rigging). Not saying it's not possible to have an online voting system--I'm sure we will at some point, likely within our lifetime--but with the number of reports of giant credit card/personal info/sensitive data servers being compromised all the time, it's no surprise people are wary. Hell, even electronic (in-person) voting machines are easy to compromise!

Greg Finley said...

Fair points, I suppose. Us economists like to call anything we don't like "transactions costs" or "rent seeking" and imagine a world without them, even if it's not realistic.

Josh Hattersley said...

Addendum: while I'm sure there may be some savvy politicians who fear the potential demographic changes an online voting system would bring, at present I believe security concerns trump the possibility than a lack of such a system is in part an effort to keep more voters from the ballot box.

Also note that in order to implement an online voting system, we'd need some sort of national citizens database with personal information (including your Social Security number, address, full name, etc.) of every eligible voter. So not only might the votes themselves be tampered with in the event of a breach, but we'd be exposing the entire country to the risk of identity theft.

Greg Finley said...

But databases with that information already exist at many places. Most obviously, there's a record of every single Social Security number ... at the Social Security Administration.

And think of how many times you register your SSN somewhere (banking, employment, DMV, etc.) without incident.

Josh Hattersley said...

The information may exist elsewhere, but the SSA's database isn't plugged into an externally accessible website as far as I know. There's a big difference between an internal records database and a publicly accessibly one that expects individuals to log in and authenticate against the sort of data the SSA has. The former can be protected easily; the latter necessarily needs to open up a conduit to the outside world, and the existence of that conduit leaves the database open to attempts at compromising it.

Yours and many others' personal information certainly is out there in a number of forms, many of them accessible over the internet (thus exposing you to the risk of having that info stolen). But, to the best of my knowledge, no such database exists that is both publicly accessible and contains ALL the information on every registered citizen in the U.S.

Greg Finley said...

Very good points.

This conversation has also gotten me to thinking about the whole authentication problem. With enough effort, I could probably answer all the security questions about my close family, for instance. But there's been fraud forever (such as deceased people voting), and it's hard to imagine that this would be great enough to sway the outcome of an election.

Josh Hattersley said...

It's not that hard to imagine, really, given the differences between what would likely be a very centralized online voting database and the current decentralized collection of voting systems that we have. Drill down to the district level currently and I'm sure you'll find fraud in some cases, but that fraud will (hopefully) be averaged out as there is voting taking place on an extremely widespread scale in hundreds of other districts. An online system, by contrast, would likely aggregate voting results centrally, providing for a much easier way to affect election outcomes nationally given unauthorized (and undetected) access.

I'm sure there will be methods to counteract this if/when an online voting system is implemented--multiple vote aggregation servers, perhaps, which would need to authenticate against one another to verify matching results before those results could be confirmed--but removing the paper trail and the inherent security of a decentralized tallying approach introduces security and fraud concerns no matter how you slice it.