NPI's Cascadia Advocate

Offering commentary and analysis from Washington, Oregon, and Idaho, The Cascadia Advocate is the Northwest Progressive Institute's unconventional perspective on world, national, and local politics.

Friday, April 10th, 2020

Progressives should not be championing online signature gathering. Here’s why.

The world­wide nov­el coro­n­avirus pan­dem­ic has upend­ed life all over the globe, includ­ing here in the Pacif­ic North­west. School build­ings are for the most part closed through the remain­der of the 2019–2020 school year, with class­es hav­ing migrat­ed online; restau­rants have either ceased oper­a­tions or moved to a takeout/delivery mod­el only, and very few peo­ple are trav­el­ing either domes­ti­cal­ly or inter­na­tion­al­ly, result­ing in emp­ty hotel rooms and parked jets.

Polit­i­cal activism has also been affect­ed. Orga­ni­za­tions on both on the right and left sides of the polit­i­cal spec­trum are strug­gling to adapt to a real­i­ty in which events and in-per­son con­tact are taboo. Cam­paign kick­offs aren’t fea­si­ble right now, door­belling isn’t accept­able right now, and polit­i­cal par­ties can­not hold cau­cus­es and con­ven­tions like they nor­mal­ly would in a qua­dren­ni­al year.

The same holds true for in-per­son sig­na­ture gath­er­ing: can’t do it right now.

This is a prob­lem because bal­lot mea­sures must be signed by a cer­tain num­ber of vot­ers in the applic­a­ble juris­dic­tion (state or local) to qualify.

In Wash­ing­ton State, an ini­tia­tive peti­tion must be signed by at least eight per­cent of the num­ber who vot­ed in the last elec­tion for gov­er­nor, per the Wash­ing­ton State Con­sti­tu­tion. The bar for ref­er­en­dum mea­sures is half that — four percent.

At the local lev­el, the thresh­old varies. Juris­dic­tions with home rule forms of gov­ern­ment may make the instru­ments of direct democ­ra­cy avail­able and decide upon their own rules, and many do. A total of fifty-five cities in Wash­ing­ton have the ini­tia­tive, includ­ing the state’s largest munic­i­pal­i­ty, Seattle.

Owing in part to its size, Seat­tle vot­ers see more ini­tia­tives at the city lev­el than denizens of oth­er cities do. Lat­er this year, they may be see­ing a mea­sure from Social­ist Alter­na­tive that is being pitched as “Tax Amazon”.

SA’s Aly­cia Lewis argues:

The COVID-19 pub­lic health emer­gency has exposed the fragili­ty of the glob­al cap­i­tal­ist econ­o­my as well as the inher­ent dan­gers of extreme income inequal­i­ty. While the rich­est 1% have been accu­mu­lat­ing record amounts of wealth, the cap­i­tal­ist sys­tem is com­plete­ly unpre­pared to care for the 51% of work­ing Amer­i­cans who are one missed pay­check away from finan­cial ruin.

In the midst of this pub­lic health and eco­nom­ic cri­sis, the urgency of tax­ing cor­po­ra­tions to fund social pro­grams for work­ing peo­ple has become more appar­ent than ever.

NPI agrees with the argu­ment that the wealthy and large cor­po­ra­tions are not pay­ing their fair share in tax­es, and that this inequity needs to be urgent­ly addressed. What con­cerns us is not that Social­ist Alter­na­tive wants Ama­zon and oth­er large firms to pay more in tax­es, but that they want to use the pan­dem­ic as a pre­text to start allow­ing online sig­na­ture gath­er­ing — which is a bad idea.

Peti­tion to Gov­er­nor Jay Inslee and Sec­re­tary of State Kim Wyman:

We’re call­ing on the state of Wash­ing­ton to pro­tect our demo­c­ra­t­ic rights and allow for online sig­na­ture gath­er­ing for ini­tia­tive and can­di­date petitions!

We are liv­ing through an unprece­dent­ed glob­al pan­dem­ic and eco­nom­ic reces­sion. Work­ing peo­ple are fac­ing lost jobs, lost wages and a seri­ous threat to their health and lives.

In this con­text, it’s more impor­tant than ever that we are able to main­tain demo­c­ra­t­ic rights and fair elections.

Under cur­rent law, bal­lot ini­tia­tives can require tens or even hun­dreds of thou­sands of peti­tion sig­na­tures to be gath­ered on print­ed paper. But there is no “safe” or even legal way to do this in the con­text of the “social dis­tanc­ing” urged by sci­en­tists, and a state-man­dat­ed lock­down, and it would be reck­less to even try.

City­Lab’s Sarah Hold­er report­ed yes­ter­day that Social­ist Alter­na­tive is “not wait­ing for a response to start solic­it­ing online sig­na­tures, which they hope will even­tu­al­ly count towards the upwards of 22,000 sig­na­tures they’ll need by ear­ly August.”

“We want it to be on the bal­lot this Novem­ber,” SA’s Eva Metz told City­Lab. “I think the state should pro­vide lead­er­ship around how to do this safely.”

It is nei­ther safe nor legal to gath­er sig­na­tures online for a bal­lot mea­sure like this. If Social­ist Alter­na­tive is tru­ly con­cerned about main­tain­ing demo­c­ra­t­ic rights and fair elec­tions, then they should not be ask­ing Gov­er­nor Inslee and Sec­re­tary of State Kim Wyman to attempt to change state law by exec­u­tive decree (some­thing the state’s exec­u­tive depart­ment absolute­ly can­not do) in order to allow them to exper­i­ment with online sig­na­ture gathering.

As a cyber­se­cu­ri­ty strate­gist, I’m always appalled when I hear peo­ple talk­ing about using the Inter­net for vot­ing or sig­na­ture gathering.

Free and fair elec­tions are a bedrock require­ment of a healthy democ­ra­cy, but it is not pos­si­ble for an elec­tion to be free or fair if it is con­duct­ed over the Inter­net, as any rep­utable cyber­se­cu­ri­ty expert or com­put­er sci­en­tist knows.

This is because the Inter­net is inher­ent­ly inse­cure… even with the pro­to­cols we’ve cre­at­ed to attempt to encrypt infor­ma­tion in tran­sit and at rest, like Trans­port Lay­er Secu­ri­ty (TLS), which your brows­er and our serv­er made use of in order to show you this page over HTTPS (Hyper­Text Trans­fer Pro­to­col Secure).

The Inter­net was sim­ply not designed for many of the uses for which it is now being put to. That is why, if you’re well read, you’ll often see arti­cles dis­cussing the medi­um’s many grow­ing pains and gov­er­nance issues.

I am some­times asked why vot­ing or sig­na­ture gath­er­ing over the Inter­net is not fea­si­ble giv­en that so much busi­ness activ­i­ty has moved online.

Ecom­merce was­n’t a thing thir­ty years ago, but now peo­ple place bil­lions of dol­lars worth of online orders for stuff every week with­out a sec­ond thought.

The answer there is that we tol­er­ate a lot of fraud.

And I mean a lot.

Fraud­u­lent trans­ac­tions cost banks and mer­chants bil­lions of dol­lars every year in loss­es. Despite advances in cred­it card tech­nol­o­gy (for instance, your cred­it card prob­a­bly now comes with a chip and PIN), fraud is still com­mon­place. A 2019 study by Lex­is­Nex­is Risk Solu­tions found that the prob­lem is only get­ting worse.

“Fraud­sters are exploit­ing dig­i­tal chan­nels and seiz­ing more oppor­tu­ni­ties across a diverse set of retail­ers,” Lex­is­Nex­is explained. “Retail fraud attempts have tripled since 2017 — and every dol­lar ‘stolen’ rep­re­sents more than $3 lost on aver­age due to mer­chan­dise redis­tri­b­u­tion, inves­ti­ga­tion and oth­er costs.”

“it’s not just the vol­ume of fraud that’s ris­ing, it’s also the cost,” they add.

$3.13 is the aver­age total loss per $1 of fraud, which is up 6.5% from 2018.

What’s dri­ving the fraud increase? Accord­ing to the report, it’s these factors:

  • An increase in mobile transactions
  • More auto­mat­ed botnets
  • More dig­i­tal goods/services sold
  • Sophis­ti­cat­ed syn­thet­ic IDs
  • More cross-bor­der transactions

43% of retail­ers sur­veyed said that ver­i­fy­ing cus­tomer iden­ti­ty is a top challenge.

Think about that for a sec­ond. If retail­ers are hav­ing great dif­fi­cul­ty ver­i­fy­ing their cus­tomers’ iden­ti­ties, how are gov­ern­ments sup­posed to ver­i­fy that peti­tion sig­na­tures or returned bal­lots actu­al­ly belong to real vot­ers, not bots?

We’ve basi­cal­ly decid­ed as a world com­mu­ni­ty to tol­er­ate fraud in ecom­merce. That is why it’s still legal to buy and sell things online. Banks and oth­er big finan­cial firms absorb loss­es from fraud as part of the cost of doing business.

That mod­el, how­ev­er, does not work for elec­tions and vot­ing.

Again, for democ­ra­cy to be healthy, elec­tions must be free and fair. Peo­ple must be able to trust the results. An unsafe sys­tem vul­ner­a­ble to attack and exploita­tion will not pro­duce results that any­one can have con­fi­dence in.

In Wash­ing­ton State, vot­er rolls are a pub­lic record. The list is freely avail­able to any­one any­where in the world — from local polit­i­cal groups span­ning the ide­o­log­i­cal spec­trum to Russ­ian hack­ers work­ing at the behest of Vladimir Putin.

When you con­sid­er how much addi­tion­al infor­ma­tion about peo­ple is out there for the tak­ing, you can appre­ci­ate that imper­son­at­ing some­one over the Inter­net is an extreme­ly triv­ial exer­cise. Iden­ti­ty theft has become child’s play.

In Wash­ing­ton’s vote-at-home sys­tem, the main means of authen­ti­cat­ing a bal­lot is the voter’s sig­na­ture, which is on file with the state and with coun­ty elec­tions offi­cials. Unlike the vot­er rolls, this index of vot­er sig­na­tures is not public.

To ver­i­fy a returned bal­lot or a sig­na­ture on a peti­tion, elec­tion work­ers com­pare what they see on the enve­lope or peti­tion sheet with the sig­na­ture that is on file with the state. In the case of a mis­match on a peti­tion, the sig­na­ture is not valid.

This paper based sys­tem is not immune to fraud, of course.

Any­one read­ing this post has undoubt­ed­ly heard of forgery, and sig­na­ture fraud on peti­tions is a prob­lem that NPI has tracked for years. Still, paper-based sys­tems are much more secure than elec­tron­ic systems.

Using paper means there is a paper trail. A paper trail per­mits audits and recounts in the event of a close result or a prob­lem, like sus­pect­ed fraud.

In fact, many of the cas­es of sig­na­ture fraud we know about were caught by elec­tion work­ers who were con­duct­ing ran­dom sam­ple checks on peti­tions and found irreg­u­lar­i­ties which were turned over to the State Patrol for investigating.

It is bad enough that there are occa­sion­al­ly cas­es of fraud in our paper-based sys­tem. If sig­na­ture gath­er­ing moves online, the risk of fraud explodes. What’s more, it places anoth­er aspect of our elec­tions sys­tem at risk of cyberattack.

How do the folks at Social­ist Alter­na­tive pro­pose we authen­ti­cate peo­ple who sign peti­tions elec­tron­i­cal­ly — and remote­ly, not in the pres­ence of a circulator?

We do not want to use the sig­na­tures match­ing those kept by the state in the vot­er file as means of authen­ti­cat­ing an elec­tron­ic peti­tion — because we don’t want hun­dreds of thou­sands of vot­er sig­na­tures trav­el­ing across unse­cured net­works. Besides, sig­na­tures cre­at­ed with a fin­ger, mouse, or sty­lus dif­fer sub­stan­tial­ly from sig­na­tures cre­at­ed with paper and pen anyway.

We also don’t want to fol­low the bad exam­ple set by the bank­ing indus­try and oth­er states in using Social Secu­ri­ty num­bers and dri­ver’s license ID num­bers as a means of authen­ti­ca­tion (as Ari­zona does with E‑Qual).

Social Secu­ri­ty num­bers real­ly should­n’t be used for any­thing oth­er than pur­pos­es relat­ed to Social Secu­ri­ty, yet they have become de fac­to nation­al ID num­bers. Sim­i­lar­ly, dri­ver’s license num­bers are now used for pur­pos­es that have noth­ing to do with ver­i­fy­ing that some­one is legal­ly per­mit­ted to oper­ate an automobile.

Sad­ly, these iden­ti­fiers are fre­quent­ly exposed in data breach­es, or stolen. It hap­pens all the time. Again, as I said, it’s triv­ial — utter­ly triv­ial — to imper­son­ate some­one online once you have enough pieces of iden­ti­fy­ing information.

Will there ever come a time when it might be safe to vote or gath­er sig­na­tures online? I doubt it. The Inter­net is arguably one of human­i­ty’s great­est inven­tions, but it has as many down­sides as upsides. Its design makes it unsuit­able for cer­tain func­tions, and vot­ing is one of them. Sig­na­ture gath­er­ing is another.

I wish I could say that the Inter­net were becom­ing a safer place, but it isn’t. All the evi­dence sug­gests the Inter­net is cur­rent­ly becom­ing less safe.

Con­sid­er the so-called “Inter­net of Things” trend. A grow­ing num­ber of com­pa­nies man­u­fac­ture toys, appli­ances, and oth­er house­hold or indus­tri­al objects that are intend­ed to con­nect to the Inter­net. The soft­ware inside these “things” often con­tains secu­ri­ty vul­ner­a­bil­i­ties and nev­er receives soft­ware updates.

Iron­ic, isn’t it, that gad­gets and giz­mos mar­ket­ed as “smart” can eas­i­ly wind up jeop­ar­diz­ing their own­ers’ (or users’) safe­ty and well-being.

A stag­ger­ing 98% of IoT traf­fic is unen­crypt­ed, a new analy­sis sug­gests.

Savvy elec­tions offi­cials know all about the trends I’ve just dis­cussed. That’s why, even in 2020, elec­tron­ic sig­na­ture gath­er­ing gen­er­al­ly remains illegal.

Den­ver, Col­orado is, to our team’s knowl­edge, the only big city in the coun­try that cur­rent­ly allows sig­na­tures to be gath­ered elec­tron­i­cal­ly. How­ev­er, their “eSign” sys­tem is not designed for remote sig­na­ture gath­er­ing; it’s designed for in-per­son sig­na­ture gath­er­ing. This mar­ket­ing PDF describes it in greater detail.

NPI oppos­es Den­ver’s use of eSign; we believe its use should be dis­con­tin­ued for secu­ri­ty rea­sons. And we believe oth­er juris­dic­tions should say no to adopt­ing elec­tron­ic sig­na­ture gath­er­ing, includ­ing near­by Boul­der. Vot­ers there said yes to doing online sig­na­ture gath­er­ing, but it has­n’t been imple­ment­ed yet.

A year ago, the Boul­der Week­ly explained how the idea had run aground:

Last Novem­ber, City of Boul­der vot­ers approved a mea­sure by a near­ly 3‑to‑1 mar­gin to allow elec­tron­ic and online sig­na­ture-gath­er­ing for future bal­lot ini­tia­tive, ref­er­en­dum and recall peti­tions. That means res­i­dents want to be able to add their sig­na­ture to bal­lot ini­tia­tives, online, from home, instead of hav­ing to find sig­na­ture-gath­er­ers scat­tered about the city, sign in print, and, for the gath­er­ers at least, wait for those sig­na­tures to be verified. 

At the very least, the mea­sure allows sig­na­ture-gath­er­ers to use tablets to col­lect sig­na­tures, which auto­mat­i­cal­ly ver­i­fies sign­ers’ res­i­den­cy and vot­ing status.

There’s only one prob­lem: It’s not clear that soft­ware exists yet to imple­ment such a sys­tem. The Boul­der City Coun­cil deter­mined as much last month after talk­ing to City Attor­ney Tom Carr, a work­ing group assem­bled to research imple­ment­ing the mea­sure (Bal­lot Ques­tion 2G), and city staff.

The arti­cle went on to note:

There is a mud­died prece­dence for imple­ment­ing elec­tron­ic and online sig­na­ture-gath­er­ing. Utah, Nebras­ka, Ari­zona and Ten­nessee all attempt­ed to pass leg­is­la­tion that would allow for elec­tron­ic sig­na­ture-gath­er­ing, but all those efforts were defeated.

Two com­pa­nies that have devel­oped soft­ware to col­lect elec­tron­ic and online sig­na­tures, Ver­afir­ma and All­point Pen, have since had their efforts chal­lenged in court.

There are cur­rent­ly groups in both Ari­zona and Col­orado who are, like Social­ist Alter­na­tive, ask­ing author­i­ties there to sim­ply waive exist­ing laws and rules to allow sig­na­tures to be col­lect­ed electronically.

A spokesper­son for one of those groups — Lynea Hansen of Col­orado Fam­i­lies First — told The Den­ver Post: “It is impor­tant to note we are look­ing at all of these options only being allowed in the time of a pub­lic health cri­sis and not for them to become the way things are done in the future.”

Sor­ry, but that dog won’t hunt. The need for our elec­tions sys­tem to be secure and trust­ed arguably takes on even more impor­tance dur­ing an emer­gency like this. Sus­pend­ing laws and rules around sig­na­ture gath­er­ing and bal­lot mea­sure qual­i­fi­ca­tion just so that groups who had their hearts set on going to the bal­lot this year makes no sense, and would set a ter­ri­ble precedent.

NPI calls on elec­tion offi­cials and judges at the local, state, and fed­er­al lev­el to say no to such requests. Groups wish­ing to pro­ceed with a sig­na­ture dri­ve dur­ing a pan­dem­ic are free to explore oth­er options that are with­in the law, like the elec­tron­ic dis­tri­b­u­tion and phys­i­cal return of peti­tions. And they should.

They’d also do well to remem­ber that the pan­dem­ic has dis­rupt­ed a great many things, includ­ing peo­ple’s liveli­hoods. It’s not just their plans that are affected.

Adjacent posts

  • Enjoyed what you just read? Make a donation


    Thank you for read­ing The Cas­ca­dia Advo­cate, the North­west Pro­gres­sive Insti­tute’s jour­nal of world, nation­al, and local politics.

    Found­ed in March of 2004, The Cas­ca­dia Advo­cate has been help­ing peo­ple through­out the Pacif­ic North­west and beyond make sense of cur­rent events with rig­or­ous analy­sis and thought-pro­vok­ing com­men­tary for more than fif­teen years. The Cas­ca­dia Advo­cate is fund­ed by read­ers like you and trust­ed spon­sors. We don’t run ads or pub­lish con­tent in exchange for money.

    Help us keep The Cas­ca­dia Advo­cate edi­to­ri­al­ly inde­pen­dent and freely avail­able to all by becom­ing a mem­ber of the North­west Pro­gres­sive Insti­tute today. Or make a dona­tion to sus­tain our essen­tial research and advo­ca­cy journalism.

    Your con­tri­bu­tion will allow us to con­tin­ue bring­ing you fea­tures like Last Week In Con­gress, live cov­er­age of events like Net­roots Nation or the Demo­c­ra­t­ic Nation­al Con­ven­tion, and reviews of books and doc­u­men­tary films.

    Become an NPI mem­ber Make a one-time donation