MSIM Alum Wants Your Vote—for Trustworthy Electronic Elections

By Ann Beckmann

Trust is tricky business when it comes to elections.

After Florida’s hanging chads became a household cliché in the 2000 presidential election, the Help America Vote Act (HAVA) of 2002 was expected to remedy America’s voting problems.

As part of his MSIM Capstone research, Bill Marriott (MSIM '08) discovered that the systems implemented as a result of HAVA compounded problems rather than solved them. So he decided to examine security issues associated with electronic voting.

“I wanted to approach one of those big-thinking problems that was both timely and newsworthy. This is a topic that hits the sweet spot of information security, privacy and how to manage information correctly so every vote counts,” he says.

Karine Barzilai-Nahon, Marriott's Capstone project faculty sponsor and an expert on Internet and information policy technology, notes, "I highly encourage students to choose projects that are practical on the one hand, but that empower society and communities on the other. Bill project’s is a great example. Although it was not practical in the sense that people will start applying it immediately, it is practical in the sense that people will understand better the issue of electronic voting. This is highly important if some states decide in the future to adopt electronic voting methods."

After HAVA went into effect, Marriott began to collect evidence of problems with touch-screen electronic voting machines that didn’t leave a paper trail for audit and recount purposes. Marriott found that between 2000 and 2006, electronic-voting-machine use in the United States increased from 50 percent to more than 90 percent. Yet, from Broward County, Fla., to Boone County, Ind., election results were still questioned. Officials in New Hampshire, Maryland, New Jersey, Ohio and Colorado expressed concerns about touch-screen machines. Many recommended they be replaced with paper ballots.

“The paper trail,” Marriott notes, “is intended to maintain trust.”

Marriott works for Microsoft Corporation as program manager of information security and risk management for the Online Services security and compliance division. Understanding privacy and sharing data had interested him ever since he stepped into the field of technical support after completing his bachelor’s degree at Southern Illinois University.

Given his career, it’s logical his Capstone project might champion Internet voting. In fact, he wasn’t an advocate of online voting when he started his research, he says. Instead, he wanted to concentrate on Washington state and solve problems with its Accessible Voting Unit (AVU), or touch-screen voting machine.

As he delved into state election statistics, however, Marriott learned AVUs were used by only 1 percent of voters in Washington’s 2006 mid-term general election.

“Little did I know only 1 percent of the votes cast in Washington were on touch-screen machines. The majority of votes in Washington state are cast by postal mail,” he says, shaking his head. “I realized I had to step back and do more research.”

He soon learned how popular the mail-in ballot is throughout the Northwest, both for convenience and enhanced voter participation. Oregon is now 100% vote-by-mail. In Washington, state officials estimate 75 percent of the votes cast in 2006 were mail-in ballots, Marriott says. King County, where 30% of the state’s voters reside, will be entirely vote-by-mail after this year’s general election.

In his discussion of vote-by-mail systems, Marriott’s Capstone paper outlines the many security controls that need to be in place, such as authentication, privacy, a 20-day period for mail-in ballots, security of the ballots and the results, the ability to audit ballots and independent certification of vote-counting software.

That’s where his research took another interesting turn. He found a report from Germany that compared remote postal voting with Internet voting. Overall, the researchers found similar challenges and protection mechanisms needed for both voting methods. However, Marriott notes, Internet voting cited in the report wasn’t used by a governmental group or for a national election.

King County’s Vote by Mail Project Manager Bill Huennekens, who served as a key source for Marriott’s project, says he doesn’t know that he’d call voting by mail a precursor to Internet voting, “but it will bring the physical act of voting into voter’s homes, perhaps opening the door for different, just as secure voting methods—possibly Internet voting. If Internet voting is going to happen in the future it will probably be a long time in coming. Acceptance of the technology will take time for the voting public.”

Thus Marriott, the fellow who wasn’t a believer in Internet voting, began to explore the possibility. He examined Internet voting in other countries. Estonia, for instance, started online voting in 2005.

“Estonia does have an advantage over the U.S.,” Marriott says. “All citizens have national ID cards that include a smart chip which allows for advanced electronic functions that allow for secure authentication. They also have only one million citizens.”

A couple of years before the problems with the 2000 general election in the U.S., Australia had a similar election that led to a manual recount, Marriott learned.

“The Australians decided to move to electronic voting and requested proposals from vendors. Out of 15 proposals, one solution specified open-source software. The Australian government opted for open-source software after watching the issues with proprietary systems America faced in 2000 and they were wary of solutions that weren’t transparent,” he says.

Open and public source code for vote tally software, according to Marriott, is one way to build more trust in the software’s validity because anyone who has an interest can assess the vulnerabilities or bugs. This could lead to quicker fixes in the system, he suggests.

Without a centralized form of identification in the U.S., authentication of voters still poses a problem. Marriott recommends an asymmetric PIN combination for authentication. Voters would create a PIN when they register to vote and a second system-generated PIN would be mailed to them.

“The voter can only vote if both PINS are entered correctly,” he says.

Marriott becomes animated when he considers all the possible safeguards for voting in the U.S. If there’s another challenging election this fall, he predicts it could be the impetus for big changes. His Capstone project, combined with his career in information risk management, now has him pondering a Ph.D. focused on information security and privacy.

King County’s Huennekens, who attended Marriott’s Capstone presentation, commends his work on the project.

“I think Bill did an excellent job with his research, and on the project as a whole. He did not let preconceived notions regarding the application of voting technology blind his work. He went about his work with an open mind and came to a solid understanding of voting technology not common for someone who does not work in the field,” Huennekens says.

Marriott recognizes trust is a common thread not only in voting technology and elections but also on the Internet. He describes the research of Bill Dutton, director of the Oxford Internet Institute and professor of Internet Studies at the University of Oxford, who suggests everything about the Internet is trust-based, whether it involves a job application, a credit-card purchase, a vote or any other transaction.

“I believe the future of voting is going to be on the Internet,” Marriott says. “Not this year, not next, but we’ll get there and it’ll be interesting to see how we roll it out. The issue is how do you ensure each voter trusts the system used to count votes?”