Internet ballots won't inspire the lazy, and the Americans have already found how easily they can be hacked

Talk about admitting defeat before the race is over. Instead of trying to inspire voters to get out and do their democratic duty in a few weeks, Local Government Minister Chris Tremain has as good as conceded turn-out is going to be poor.

This week, he's announced a trial of online voting in the 2016 local authority elections as a way "to encourage people to become involved in the democratic process."

Voting via the internet, he says, "will be more convenient and appeal to young voters. It will also make it easier for people with disabilities to vote".

Local Government New Zealand president Lawrence Yule echoed these wishful hopes.

Advertisement

But overseas trials don't appear to back their optimism. In a 2009 poll for the Honolulu Neighbourhood Board, for example, there was an 83 per cent drop in voter participation when Oahu voters had to vote by telephone or internet, rather than cast a paper ballot.

But even if internet voting was served up as another option, alongside postal and polling booth voting, and did prove to be a hit with the young, there's no evidence to suggest your e-vote will be safe and secure as it wings its way from your laptop to Election Central, or that when it arrives, it won't be prey to malware, or direct external interference.

Mr Tremain is promising an expert working party of information technology gurus and government bureaucrats.

"Robust regulations need to be in place so voters have trust and confidence in the system," he said.

"The working party will be assessing the security and technology used in public elections overseas to mitigate risk."

The minister could save us all some money and time by Googling a copy of "Attacking the Washington, DC internet Voting System," by University Michigan computer science professor Alex Halderman.

In 2010, the District of Columbia set up a trial online voting system, designed for use by absentee voters in the general election that year, and issued a challenge to allcomers to test the system and see if they could "compromise its security".

Professor Halderman and two graduate students took up the challenge, and within 48 hours of the the system going live, "had gained near complete control of the election server".

He told a conference later that they soon found an error in the source code that "allowed us to completely steal the election".

Not only did they reverse all the votes already cast, they installed a "back door" so they could monitor all subsequent votes and identify who had cast them.

To rub it in, they left a "calling card" - a recording of the University of Michigan's fight song The Victors which played after a vote was cast.

It took election officials two days to realise something was amiss. The Michigan team have the officials' shocked reactions on tape - they also commandeered the security cameras guarding the election computers.

The upshot was, the planned internet-voting was abandoned.

For Professor Halderman, succeeding in seizing control, unmasking secret ballots and altering the outcome of the mock election supported "the widely held view among security researchers that web-based electronic voting faces high risks of vulnerability, and it cautions against the position of many vendors and election officials who claim that the technology can readily be made safe".

Advocates argue that we happily bank over the internet so why not vote. The difference is that banking is transparent - customers can follow the money trail, and in case of errors or malfeasance, or cyber-attack, the banks will correct and compensate.

But with a secret online ballot, you can only trust that your privacy is protected and your vote correctly recorded and counted.

Trials around the world suggest that like postal voting, internet voting is not the hoped-for antidote to voter laziness. If someone is not going to fill in a ballot paper, delivered to their letterbox with a free post envelope, why would being able to vote online make any difference?

After the Washington DC backdown, last year the United States Department of Defence abandoned a $28 million internet voting system for overseas military personnel after it, too, was found to be vulnerable to cyber-attack.

If the US war machine can't protect itself from cyber-attack, what chance has the New Zealand Electoral Commission of being able to do so?