The worldwide novel coronavirus pandemic has upended life all over the globe, including here in the Pacific Northwest. School buildings are for the most part closed through the remainder of the 2019–2020 school year, with classes having migrated online; restaurants have either ceased operations or moved to a takeout/delivery model only, and very few people are traveling either domestically or internationally, resulting in empty hotel rooms and parked jets.
Political activism has also been affected. Organizations on both on the right and left sides of the political spectrum are struggling to adapt to a reality in which events and in-person contact are taboo. Campaign kickoffs aren’t feasible right now, doorbelling isn’t acceptable right now, and political parties cannot hold caucuses and conventions like they normally would in a quadrennial year.
The same holds true for in-person signature gathering: can’t do it right now.
This is a problem because ballot measures must be signed by a certain number of voters in the applicable jurisdiction (state or local) to qualify.
In Washington State, an initiative petition must be signed by at least eight percent of the number who voted in the last election for governor, per the Washington State Constitution. The bar for referendum measures is half that — four percent.
At the local level, the threshold varies. Jurisdictions with home rule forms of government may make the instruments of direct democracy available and decide upon their own rules, and many do. A total of fifty-five cities in Washington have the initiative, including the state’s largest municipality, Seattle.
Owing in part to its size, Seattle voters see more initiatives at the city level than denizens of other cities do. Later this year, they may be seeing a measure from Socialist Alternative that is being pitched as “Tax Amazon”.
SA’s Alycia Lewis argues:
The COVID-19 public health emergency has exposed the fragility of the global capitalist economy as well as the inherent dangers of extreme income inequality. While the richest 1% have been accumulating record amounts of wealth, the capitalist system is completely unprepared to care for the 51% of working Americans who are one missed paycheck away from financial ruin.
In the midst of this public health and economic crisis, the urgency of taxing corporations to fund social programs for working people has become more apparent than ever.
NPI agrees with the argument that the wealthy and large corporations are not paying their fair share in taxes, and that this inequity needs to be urgently addressed. What concerns us is not that Socialist Alternative wants Amazon and other large firms to pay more in taxes, but that they want to use the pandemic as a pretext to start allowing online signature gathering — which is a bad idea.
Petition to Governor Jay Inslee and Secretary of State Kim Wyman:
We’re calling on the state of Washington to protect our democratic rights and allow for online signature gathering for initiative and candidate petitions!
We are living through an unprecedented global pandemic and economic recession. Working people are facing lost jobs, lost wages and a serious threat to their health and lives.
In this context, it’s more important than ever that we are able to maintain democratic rights and fair elections.
Under current law, ballot initiatives can require tens or even hundreds of thousands of petition signatures to be gathered on printed paper. But there is no “safe” or even legal way to do this in the context of the “social distancing” urged by scientists, and a state-mandated lockdown, and it would be reckless to even try.
CityLab’s Sarah Holder reported yesterday that Socialist Alternative is “not waiting for a response to start soliciting online signatures, which they hope will eventually count towards the upwards of 22,000 signatures they’ll need by early August.”
“We want it to be on the ballot this November,” SA’s Eva Metz told CityLab. “I think the state should provide leadership around how to do this safely.”
It is neither safe nor legal to gather signatures online for a ballot measure like this. If Socialist Alternative is truly concerned about maintaining democratic rights and fair elections, then they should not be asking Governor Inslee and Secretary of State Kim Wyman to attempt to change state law by executive decree (something the state’s executive department absolutely cannot do) in order to allow them to experiment with online signature gathering.
As a cybersecurity strategist, I’m always appalled when I hear people talking about using the Internet for voting or signature gathering.
Free and fair elections are a bedrock requirement of a healthy democracy, but it is not possible for an election to be free or fair if it is conducted over the Internet, as any reputable cybersecurity expert or computer scientist knows.
This is because the Internet is inherently insecure… even with the protocols we’ve created to attempt to encrypt information in transit and at rest, like Transport Layer Security (TLS), which your browser and our server made use of in order to show you this page over HTTPS (HyperText Transfer Protocol Secure).
The Internet was simply not designed for many of the uses for which it is now being put to. That is why, if you’re well read, you’ll often see articles discussing the medium’s many growing pains and governance issues.
I am sometimes asked why voting or signature gathering over the Internet is not feasible given that so much business activity has moved online.
Ecommerce wasn’t a thing thirty years ago, but now people place billions of dollars worth of online orders for stuff every week without a second thought.
The answer there is that we tolerate a lot of fraud.
And I mean a lot.
Fraudulent transactions cost banks and merchants billions of dollars every year in losses. Despite advances in credit card technology (for instance, your credit card probably now comes with a chip and PIN), fraud is still commonplace. A 2019 study by LexisNexis Risk Solutions found that the problem is only getting worse.
“Fraudsters are exploiting digital channels and seizing more opportunities across a diverse set of retailers,” LexisNexis explained. “Retail fraud attempts have tripled since 2017 — and every dollar ‘stolen’ represents more than $3 lost on average due to merchandise redistribution, investigation and other costs.”
“it’s not just the volume of fraud that’s rising, it’s also the cost,” they add.
$3.13 is the average total loss per $1 of fraud, which is up 6.5% from 2018.
What’s driving the fraud increase? According to the report, it’s these factors:
- An increase in mobile transactions
- More automated botnets
- More digital goods/services sold
- Sophisticated synthetic IDs
- More cross-border transactions
43% of retailers surveyed said that verifying customer identity is a top challenge.
Think about that for a second. If retailers are having great difficulty verifying their customers’ identities, how are governments supposed to verify that petition signatures or returned ballots actually belong to real voters, not bots?
We’ve basically decided as a world community to tolerate fraud in ecommerce. That is why it’s still legal to buy and sell things online. Banks and other big financial firms absorb losses from fraud as part of the cost of doing business.
That model, however, does not work for elections and voting.
Again, for democracy to be healthy, elections must be free and fair. People must be able to trust the results. An unsafe system vulnerable to attack and exploitation will not produce results that anyone can have confidence in.
In Washington State, voter rolls are a public record. The list is freely available to anyone anywhere in the world — from local political groups spanning the ideological spectrum to Russian hackers working at the behest of Vladimir Putin.
When you consider how much additional information about people is out there for the taking, you can appreciate that impersonating someone over the Internet is an extremely trivial exercise. Identity theft has become child’s play.
In Washington’s vote-at-home system, the main means of authenticating a ballot is the voter’s signature, which is on file with the state and with county elections officials. Unlike the voter rolls, this index of voter signatures is not public.
To verify a returned ballot or a signature on a petition, election workers compare what they see on the envelope or petition sheet with the signature that is on file with the state. In the case of a mismatch on a petition, the signature is not valid.
This paper based system is not immune to fraud, of course.
Anyone reading this post has undoubtedly heard of forgery, and signature fraud on petitions is a problem that NPI has tracked for years. Still, paper-based systems are much more secure than electronic systems.
Using paper means there is a paper trail. A paper trail permits audits and recounts in the event of a close result or a problem, like suspected fraud.
In fact, many of the cases of signature fraud we know about were caught by election workers who were conducting random sample checks on petitions and found irregularities which were turned over to the State Patrol for investigating.
It is bad enough that there are occasionally cases of fraud in our paper-based system. If signature gathering moves online, the risk of fraud explodes. What’s more, it places another aspect of our elections system at risk of cyberattack.
How do the folks at Socialist Alternative propose we authenticate people who sign petitions electronically — and remotely, not in the presence of a circulator?
We do not want to use the signatures matching those kept by the state in the voter file as means of authenticating an electronic petition — because we don’t want hundreds of thousands of voter signatures traveling across unsecured networks. Besides, signatures created with a finger, mouse, or stylus differ substantially from signatures created with paper and pen anyway.
We also don’t want to follow the bad example set by the banking industry and other states in using Social Security numbers and driver’s license ID numbers as a means of authentication (as Arizona does with E‑Qual).
Social Security numbers really shouldn’t be used for anything other than purposes related to Social Security, yet they have become de facto national ID numbers. Similarly, driver’s license numbers are now used for purposes that have nothing to do with verifying that someone is legally permitted to operate an automobile.
Sadly, these identifiers are frequently exposed in data breaches, or stolen. It happens all the time. Again, as I said, it’s trivial — utterly trivial — to impersonate someone online once you have enough pieces of identifying information.
Will there ever come a time when it might be safe to vote or gather signatures online? I doubt it. The Internet is arguably one of humanity’s greatest inventions, but it has as many downsides as upsides. Its design makes it unsuitable for certain functions, and voting is one of them. Signature gathering is another.
I wish I could say that the Internet were becoming a safer place, but it isn’t. All the evidence suggests the Internet is currently becoming less safe.
Consider the so-called “Internet of Things” trend. A growing number of companies manufacture toys, appliances, and other household or industrial objects that are intended to connect to the Internet. The software inside these “things” often contains security vulnerabilities and never receives software updates.
Ironic, isn’t it, that gadgets and gizmos marketed as “smart” can easily wind up jeopardizing their owners’ (or users’) safety and well-being.
A staggering 98% of IoT traffic is unencrypted, a new analysis suggests.
Savvy elections officials know all about the trends I’ve just discussed. That’s why, even in 2020, electronic signature gathering generally remains illegal.
Denver, Colorado is, to our team’s knowledge, the only big city in the country that currently allows signatures to be gathered electronically. However, their “eSign” system is not designed for remote signature gathering; it’s designed for in-person signature gathering. This marketing PDF describes it in greater detail.
NPI opposes Denver’s use of eSign; we believe its use should be discontinued for security reasons. And we believe other jurisdictions should say no to adopting electronic signature gathering, including nearby Boulder. Voters there said yes to doing online signature gathering, but it hasn’t been implemented yet.
A year ago, the Boulder Weekly explained how the idea had run aground:
Last November, City of Boulder voters approved a measure by a nearly 3‑to‑1 margin to allow electronic and online signature-gathering for future ballot initiative, referendum and recall petitions. That means residents want to be able to add their signature to ballot initiatives, online, from home, instead of having to find signature-gatherers scattered about the city, sign in print, and, for the gatherers at least, wait for those signatures to be verified.
At the very least, the measure allows signature-gatherers to use tablets to collect signatures, which automatically verifies signers’ residency and voting status.
There’s only one problem: It’s not clear that software exists yet to implement such a system. The Boulder City Council determined as much last month after talking to City Attorney Tom Carr, a working group assembled to research implementing the measure (Ballot Question 2G), and city staff.
The article went on to note:
There is a muddied precedence for implementing electronic and online signature-gathering. Utah, Nebraska, Arizona and Tennessee all attempted to pass legislation that would allow for electronic signature-gathering, but all those efforts were defeated.
Two companies that have developed software to collect electronic and online signatures, Verafirma and Allpoint Pen, have since had their efforts challenged in court.
There are currently groups in both Arizona and Colorado who are, like Socialist Alternative, asking authorities there to simply waive existing laws and rules to allow signatures to be collected electronically.
A spokesperson for one of those groups — Lynea Hansen of Colorado Families First — told The Denver Post: “It is important to note we are looking at all of these options only being allowed in the time of a public health crisis and not for them to become the way things are done in the future.”
Sorry, but that dog won’t hunt. The need for our elections system to be secure and trusted arguably takes on even more importance during an emergency like this. Suspending laws and rules around signature gathering and ballot measure qualification just so that groups who had their hearts set on going to the ballot this year makes no sense, and would set a terrible precedent.
NPI calls on election officials and judges at the local, state, and federal level to say no to such requests. Groups wishing to proceed with a signature drive during a pandemic are free to explore other options that are within the law, like the electronic distribution and physical return of petitions. And they should.
They’d also do well to remember that the pandemic has disrupted a great many things, including people’s livelihoods. It’s not just their plans that are affected.
Friday, April 10th, 2020
Progressives should not be championing online signature gathering. Here’s why.
The worldwide novel coronavirus pandemic has upended life all over the globe, including here in the Pacific Northwest. School buildings are for the most part closed through the remainder of the 2019–2020 school year, with classes having migrated online; restaurants have either ceased operations or moved to a takeout/delivery model only, and very few people are traveling either domestically or internationally, resulting in empty hotel rooms and parked jets.
Political activism has also been affected. Organizations on both on the right and left sides of the political spectrum are struggling to adapt to a reality in which events and in-person contact are taboo. Campaign kickoffs aren’t feasible right now, doorbelling isn’t acceptable right now, and political parties cannot hold caucuses and conventions like they normally would in a quadrennial year.
The same holds true for in-person signature gathering: can’t do it right now.
This is a problem because ballot measures must be signed by a certain number of voters in the applicable jurisdiction (state or local) to qualify.
In Washington State, an initiative petition must be signed by at least eight percent of the number who voted in the last election for governor, per the Washington State Constitution. The bar for referendum measures is half that — four percent.
At the local level, the threshold varies. Jurisdictions with home rule forms of government may make the instruments of direct democracy available and decide upon their own rules, and many do. A total of fifty-five cities in Washington have the initiative, including the state’s largest municipality, Seattle.
Owing in part to its size, Seattle voters see more initiatives at the city level than denizens of other cities do. Later this year, they may be seeing a measure from Socialist Alternative that is being pitched as “Tax Amazon”.
SA’s Alycia Lewis argues:
NPI agrees with the argument that the wealthy and large corporations are not paying their fair share in taxes, and that this inequity needs to be urgently addressed. What concerns us is not that Socialist Alternative wants Amazon and other large firms to pay more in taxes, but that they want to use the pandemic as a pretext to start allowing online signature gathering — which is a bad idea.
CityLab’s Sarah Holder reported yesterday that Socialist Alternative is “not waiting for a response to start soliciting online signatures, which they hope will eventually count towards the upwards of 22,000 signatures they’ll need by early August.”
“We want it to be on the ballot this November,” SA’s Eva Metz told CityLab. “I think the state should provide leadership around how to do this safely.”
It is neither safe nor legal to gather signatures online for a ballot measure like this. If Socialist Alternative is truly concerned about maintaining democratic rights and fair elections, then they should not be asking Governor Inslee and Secretary of State Kim Wyman to attempt to change state law by executive decree (something the state’s executive department absolutely cannot do) in order to allow them to experiment with online signature gathering.
As a cybersecurity strategist, I’m always appalled when I hear people talking about using the Internet for voting or signature gathering.
Free and fair elections are a bedrock requirement of a healthy democracy, but it is not possible for an election to be free or fair if it is conducted over the Internet, as any reputable cybersecurity expert or computer scientist knows.
This is because the Internet is inherently insecure… even with the protocols we’ve created to attempt to encrypt information in transit and at rest, like Transport Layer Security (TLS), which your browser and our server made use of in order to show you this page over HTTPS (HyperText Transfer Protocol Secure).
The Internet was simply not designed for many of the uses for which it is now being put to. That is why, if you’re well read, you’ll often see articles discussing the medium’s many growing pains and governance issues.
I am sometimes asked why voting or signature gathering over the Internet is not feasible given that so much business activity has moved online.
Ecommerce wasn’t a thing thirty years ago, but now people place billions of dollars worth of online orders for stuff every week without a second thought.
The answer there is that we tolerate a lot of fraud.
And I mean a lot.
Fraudulent transactions cost banks and merchants billions of dollars every year in losses. Despite advances in credit card technology (for instance, your credit card probably now comes with a chip and PIN), fraud is still commonplace. A 2019 study by LexisNexis Risk Solutions found that the problem is only getting worse.
“Fraudsters are exploiting digital channels and seizing more opportunities across a diverse set of retailers,” LexisNexis explained. “Retail fraud attempts have tripled since 2017 — and every dollar ‘stolen’ represents more than $3 lost on average due to merchandise redistribution, investigation and other costs.”
“it’s not just the volume of fraud that’s rising, it’s also the cost,” they add.
$3.13 is the average total loss per $1 of fraud, which is up 6.5% from 2018.
What’s driving the fraud increase? According to the report, it’s these factors:
43% of retailers surveyed said that verifying customer identity is a top challenge.
Think about that for a second. If retailers are having great difficulty verifying their customers’ identities, how are governments supposed to verify that petition signatures or returned ballots actually belong to real voters, not bots?
We’ve basically decided as a world community to tolerate fraud in ecommerce. That is why it’s still legal to buy and sell things online. Banks and other big financial firms absorb losses from fraud as part of the cost of doing business.
That model, however, does not work for elections and voting.
Again, for democracy to be healthy, elections must be free and fair. People must be able to trust the results. An unsafe system vulnerable to attack and exploitation will not produce results that anyone can have confidence in.
In Washington State, voter rolls are a public record. The list is freely available to anyone anywhere in the world — from local political groups spanning the ideological spectrum to Russian hackers working at the behest of Vladimir Putin.
When you consider how much additional information about people is out there for the taking, you can appreciate that impersonating someone over the Internet is an extremely trivial exercise. Identity theft has become child’s play.
In Washington’s vote-at-home system, the main means of authenticating a ballot is the voter’s signature, which is on file with the state and with county elections officials. Unlike the voter rolls, this index of voter signatures is not public.
To verify a returned ballot or a signature on a petition, election workers compare what they see on the envelope or petition sheet with the signature that is on file with the state. In the case of a mismatch on a petition, the signature is not valid.
This paper based system is not immune to fraud, of course.
Anyone reading this post has undoubtedly heard of forgery, and signature fraud on petitions is a problem that NPI has tracked for years. Still, paper-based systems are much more secure than electronic systems.
Using paper means there is a paper trail. A paper trail permits audits and recounts in the event of a close result or a problem, like suspected fraud.
In fact, many of the cases of signature fraud we know about were caught by election workers who were conducting random sample checks on petitions and found irregularities which were turned over to the State Patrol for investigating.
It is bad enough that there are occasionally cases of fraud in our paper-based system. If signature gathering moves online, the risk of fraud explodes. What’s more, it places another aspect of our elections system at risk of cyberattack.
How do the folks at Socialist Alternative propose we authenticate people who sign petitions electronically — and remotely, not in the presence of a circulator?
We do not want to use the signatures matching those kept by the state in the voter file as means of authenticating an electronic petition — because we don’t want hundreds of thousands of voter signatures traveling across unsecured networks. Besides, signatures created with a finger, mouse, or stylus differ substantially from signatures created with paper and pen anyway.
We also don’t want to follow the bad example set by the banking industry and other states in using Social Security numbers and driver’s license ID numbers as a means of authentication (as Arizona does with E‑Qual).
Social Security numbers really shouldn’t be used for anything other than purposes related to Social Security, yet they have become de facto national ID numbers. Similarly, driver’s license numbers are now used for purposes that have nothing to do with verifying that someone is legally permitted to operate an automobile.
Sadly, these identifiers are frequently exposed in data breaches, or stolen. It happens all the time. Again, as I said, it’s trivial — utterly trivial — to impersonate someone online once you have enough pieces of identifying information.
Will there ever come a time when it might be safe to vote or gather signatures online? I doubt it. The Internet is arguably one of humanity’s greatest inventions, but it has as many downsides as upsides. Its design makes it unsuitable for certain functions, and voting is one of them. Signature gathering is another.
I wish I could say that the Internet were becoming a safer place, but it isn’t. All the evidence suggests the Internet is currently becoming less safe.
Consider the so-called “Internet of Things” trend. A growing number of companies manufacture toys, appliances, and other household or industrial objects that are intended to connect to the Internet. The software inside these “things” often contains security vulnerabilities and never receives software updates.
Ironic, isn’t it, that gadgets and gizmos marketed as “smart” can easily wind up jeopardizing their owners’ (or users’) safety and well-being.
A staggering 98% of IoT traffic is unencrypted, a new analysis suggests.
Savvy elections officials know all about the trends I’ve just discussed. That’s why, even in 2020, electronic signature gathering generally remains illegal.
Denver, Colorado is, to our team’s knowledge, the only big city in the country that currently allows signatures to be gathered electronically. However, their “eSign” system is not designed for remote signature gathering; it’s designed for in-person signature gathering. This marketing PDF describes it in greater detail.
NPI opposes Denver’s use of eSign; we believe its use should be discontinued for security reasons. And we believe other jurisdictions should say no to adopting electronic signature gathering, including nearby Boulder. Voters there said yes to doing online signature gathering, but it hasn’t been implemented yet.
A year ago, the Boulder Weekly explained how the idea had run aground:
The article went on to note:
There are currently groups in both Arizona and Colorado who are, like Socialist Alternative, asking authorities there to simply waive existing laws and rules to allow signatures to be collected electronically.
A spokesperson for one of those groups — Lynea Hansen of Colorado Families First — told The Denver Post: “It is important to note we are looking at all of these options only being allowed in the time of a public health crisis and not for them to become the way things are done in the future.”
Sorry, but that dog won’t hunt. The need for our elections system to be secure and trusted arguably takes on even more importance during an emergency like this. Suspending laws and rules around signature gathering and ballot measure qualification just so that groups who had their hearts set on going to the ballot this year makes no sense, and would set a terrible precedent.
NPI calls on election officials and judges at the local, state, and federal level to say no to such requests. Groups wishing to proceed with a signature drive during a pandemic are free to explore other options that are within the law, like the electronic distribution and physical return of petitions. And they should.
They’d also do well to remember that the pandemic has disrupted a great many things, including people’s livelihoods. It’s not just their plans that are affected.
# Written by Andrew Villeneuve :: 9:00 AM
Categories: Elections
Comments and pings are currently closed.