Tilting at the Ballot Box
R. A. Hettinga
rah at shipwright.com
Wed Aug 25 09:18:05 PDT 2004
Business 2.0 - Magazine Article - Printable Version -
Tilting at the Ballot Box
Entrepreneur David Chaum's e-money venture flopped. Now he wants to fix
electronic voting. For once, is the brilliant inventor right on time?
By John Heilemann, September 2004 Issue
The legendary cryptographer David Chaum has just invented something
amazing, and his timing is nearly perfect. At a moment when electronic
voting has been turned -- by a confluence of clueless election officials,
slipshod technologies, dodgy vendors, and ever vigilant geeks -- from a
great leap forward into an abject fiasco, Chaum has unveiled an e-voting
system that's everything the current gizmos aren't. It's incredibly secure.
It guarantees anonymity. Its results are verifiable. It is, Chaum claims,
"the first electronic mechanism that ensures both integrity and privacy."
Indeed, as far as I can see, Chaum's invention has only one conceivable
drawback: It won't be on the market in time to save us on Nov. 2.
As veterans of the digital revolution will recall, solving apparently
insoluble problems has always been Chaum's forte. Most famously, back in
1990, he founded the company DigiCash to commercialize his pioneering work
on electronic money. Even by the standards of that heady time, Chaum's
ambitions were lofty: propelling the international currency system into the
digital age. But while everyone agreed that the technologies he invented
were elegant and brilliant, the world, it turned out, wasn't nearly ready
for the incursion of e-money. At the end of 1998, DigiCash bit the dust.
Technology writer Steven Levy once described Chaum as "Don Quixote in
Birkenstocks." Today the Birkenstocks are gone, but the beard, ponytail,
and quixotic temperament all remain in place. Once again, the windmill he's
tilting at is an entrenched and archaic system. And once again he's
starting a new company to profit from his ingenuity. If there were any
justice or logic in this world, his success would be guaranteed. But since
the world we're talking about is national politics, I fear he faces an
No one has thought longer or harder about e-voting than Chaum. As a
graduate student at the University of California at Berkeley in the late
1970s, he wrote the first papers on the topic -- then moved on to other
things. But after the Floridian fiasco of 2000, in which hanging chads and
butterfly ballots vividly demonstrated how dangerously outmoded our
electoral technology was, Chaum's interest was rekindled. At the time,
election officials in scores of states were racing to embrace touchscreen
voting terminals from suppliers such as Diebold and Sequoia. So Chaum
considered the idea he was hatching "a totally academic exercise."
Then, out of nowhere, all hell broke loose. Computer scientists and
security experts declared the current generation of machines easily
hackable and prone to tampering. In particular, the critics complained that
because the machines leave no paper trail, their results are impossible to
audit. (Any recount would rely on the same software that might have mangled
or manipulated the votes to begin with.) Voting activists dug up a pile of
evidence of past e-voting irregularities. A populist campaign, "The
Computer Ate My Vote," erupted on the Internet. Meanwhile, Diebold's CEO,
Walden O'Dell, unwittingly fed a thousand conspiracy theories by hosting a
Bush fund-raiser -- and writing to the invited guests, "I am committed to
helping Ohio deliver its electoral votes to the president next year."
In the face of all this, states are scrambling to figure out what to do --
both in November and further in the future. The solution that's gained the
most momentum is known as "verified voting." Here a printer attached to the
touchscreen terminal spits out a hard copy of the voter's choices and
displays it under a transparent barrier. Once the voter approves the
receipt, it's put in a sealed ballot box, from which it can be retrieved
and tallied in the case of a recount. The problem, however, as Chaum points
out, is that the receipts are as vulnerable to fraud as ordinary paper
ballots. "They can, for example, be tampered with between the vote and the
recount," he says."In a sense, ballot-under-glass is no more secure than
old-fashioned punch-card systems."
Chaum's system, Votegrity, produces a paper trail too -- except Chaum
throws cryptography into the mix, and that changes the equation. With
Votegrity, the printer attached to the terminal generates two strips of
paper, each of which holds your vote in encrypted form. Overlaid on top of
one another and seen through a custom viewfinder, the strips, through some
cryptographic voodoo, reveal your choices in plain English. Once you've
verified your vote, the strips are separated, you pick one to take home as
a receipt, and the bar-code-like image on that strip is stored digitally.
When the time comes to tally the votes, the images are decrypted (using a
complicated Chaumian mathematical process that's all but tamperproof).
Meanwhile, the encoded images are posted on the Web, so that you can go
online afterward and confirm that your vote was counted by using a serial
number on your strip.
There's no denying that Votegrity teeters on the brink of genius. By
letting voters take receipts, Chaum's system would erect formidable hurdles
to election fraud -- while simultaneously, through encryption, preserving
the sacrosanct anonymity of the ballot box.
That said, I can think of at least three glaring reasons to be skeptical
of Votegrity's prospects. First, the system isn't exactly a paragon of
simplicity; it took nearly four hours of explication by Chaum for me to get
my head fully around it. Second, election officials are by inclination a
deeply conservative lot, especially around new technology. A system
combining cryptography and the Web isn't likely to set their pulses racing
-- or cause their checkbooks to spring open. Third, there's verified
voting. Whatever the imperfections of ballot-under-glass, I suspect that
many people who distrust e-voting will consider it a good-enough safeguard.
And as the history of technology makes abundantly clear, in a contest
between perfect and good enough, the latter wins every time.
Naturally, Chaum disagrees. Given the intensity of the uproar over the
current touchscreen terminals, he believes that states will have no choice
but to adopt a more sophisticated system. "The more people swear that the
machines should be trusted, the less trust there is," he says. "Forget
whether they're really secure or reliable. What matters is that major
chunks of the public don't believe they are. We've got a crisis of voter
confidence on our hands -- and it's not going to go away." As for verified
voting, Chaum simply says, "I don't think a system that's equivalent to
punch cards is going to cut it at this point."
Depending on what happens in November, Chaum could be proven right. With
the election only two months off, the backlash against e-voting has
produced a situation bordering on chaos. At the start of the year, it
appeared that some 50 million voters-roughly 30 percent of the total --
would be casting their ballots digitally. Now, who knows? In California,
the secretary of state has banned the Diebold machines from use and
decertified all the rest. In other states, there are movements afoot to
require verified voting. In still others, officials are pressing ahead with
the machines despite the hue and cry. All of which suggests one thing: If
the election turns out to be as close as most polls suggest, we may be
headed for a multistate postelection conflagration, complete with protests
and litigation, that will make the contretemps over Florida in 2000 look
like a schoolyard spat.
For Chaum, who's in the process of rounding up investors and hiring
executives for the firm he's starting around Votegrity, such a
conflagration would be, perversely, the best news imaginable. Not that he's
the kind of guy who'd root for such an outcome. A bone-deep do-gooder, a
privacy crusader, he's an unabashed idealist whose desire to make the world
better is so earnest it's slightly painful. When I asked him why he was
still tilting at windmills even after the anguish of DigiCash, he smiled,
shrugged, and softly replied, "This is really important stuff -- someone's
got to do it."
On that point he'll get no argument from me. No matter what transpires on
Election Day and in its aftermath, Chaum and his allies have already
rendered an invaluable service: not only exposing the flaws of e-voting
today, but pointing toward something better for tomorrow. Coming up with
that something -- a digital system that's secure, private, and verifiable
-- will plainly be no mean feat. As more and more geeks take up the
challenge, the odds will inevitably decline that Chaum's will be the system
that triumphs. But I can't help hoping that, for once in his life, he kicks
the windmill's ass.?
John Heilemann wrote "Pride Before the Fall." His next book is "The Valley."
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
More information about the cypherpunks-legacy