"Awards? I don't go down that path. I try to do good for folks--to be as open as fair as I can and to help folks around the world--that's my mission."--Joseph Kiniry
It is difficult to describe world-class electronic-voting expert Joe Kiniry and his accomplishments in 25 words or less. In his own words, he is "Research Lead, Rigorous Software Engineering, Verifiable Elections, High-assurance Cryptography, and Audits-for-Good ["principle investigator"] at the Portland, Oregon firm Galois, Inc., which "specializes in the research and development of new technologies that solve the most difficult problems in computer science." Kiniry has held permanent positions at four universities in Denmark, Ireland, and The Netherlands over more than a decade before he joined Galois eighteen months ago with a stunning CV that recorded his many years of experience in the "design, development, support, and auditing of supervised and internet/remote electronic voting systems."
My main question to Dr. Kiniry was about Internet voting and its future here and throughout the world. He said that the concept has been around for 30 years--30 years since the first papers and theses were published--"everybody was looking for a way to leverage the Internet." "That's when SCYTL was incorporated as a source of 'secure electronic voting, election management and election modernization solutions' and some smaller players started up" and research on it spread once the Internet proliferated with firms like AOL. There is growing interest in its use and deployment. It is already spreading from Canada to Kenya, from Alaska to Australia. In this country IV IS GROWING SLOWLY, in "fits and starts, at the municipality level" in the hands of SCYTL and Dominion (a Canada-based company, the second-largest vendor of election systems in this country, exceeded only by Electronic Solutions and Software [ES&S]).
In the United States, IV is done despite disastrous results in test runs by IV experts. Recall the capsizing in 2010 of the IV experiment in Washington, DC, by Professor Alex Halderman and some of his grad students. In 24 hours they had completely penetrated the system, proving how completely vulnerable it was to hacking. They even found evidence of foreign countries' attempts to "invent" the correct password, which was easy and common, something like "admin."
Halderman and his students left a signature on their work: the University of Michigan's fight song.
In Alaska, Kiniry said, electors use "a flawed product from SCYTL." According to an April 6, 2015 article in the Washington Post, in which Kiniry was interviewed, "Voters [in Alaska] can choose to download and fill out a PDF ballot form and e-mail it back to the election official. This method has also been used in emergency situations such as after Hurricane Sandy in New York. In a test, though, the researchers hacked into a home wireless router and changed a voter's selection before the voter's e-mail reached the official, leaving virtually no trace of their attack. The hack showed the vulnerability of current systems, but whether it would work on a scale large enough to influence an election is up for debate."
A 2011 IV-related experimentation program was conducted by the Department of Defense (DoD), which refused to release results until this year. It was "a dismal failure, "according to the U.S. Vote Foundation.
Today IV is built, tested, and deployed in 15-20 countries, despite dire warnings from deep experts in every aspect of electronic voting (e-voting). We must recall that similar warnings preceded the viral proliferation of electronic voting systems, both direct-recording (sans paper trail) and optical scanning (which includes a paper trail that is not often consulted; some states have outlawed resorting to the paper trails at all) prior to the passage of the Help America Vote Act late in 2002.
Among the serious problems posed by IV, in addition to its infinite vulnerability to hacking at every level are that, according to Kiniry:
A.Testing is so expensive and full of problems that users "can" the system;
B. Serious problems occur in the implementation; IV is deployed and users encounter the same set of problems; they use it and then "can" it.
C. Estonia ignored the problems and continues to use it--this third instance is the rarest case and that's a good thing, even though computer scientist Professor Alex Halderman visited the country recently and found serious security flaws in the system. (IV systems were first used in the early 2000s also in Switzerland, but most recently the country eliminated it in 9 cantons because of security flaws discovered)
"More IV projects have been canceled than continue to exist," said Kiniry. "No one will listen to the experts, top computer scientists in the area and listen to others just down the road. It's remarkable." Nonetheless, other U.S. states aspire toward them--including Maryland, or at least some top-ranking officials there. More publicly, in Colorado, SoS Wayne Williams just instituted vote-by-mail (VBM), joining Oregon and Washington and part of California). But he wants to "advance" to IV, having requested suggested systems from the public. He is confrontational, claiming that we're trying to stifle UOCAVA and military and overseas voters, said Kiniry. Williams says that mailed-in paper ballots can be tampered with.