Democracy for the Internet of Things

democracy iotIn the past I’ve written a number of times on the way that the IoT potentially changes the relationship between governments and their constituents – and a profound change that will be. Yet, this change is a two way street and perhaps the IoT will open the door to a more direct kind of democracy, where citizens and government are more intimately and inextricably linked.

An August 2016 article published by the Pew Research Foundation lamented the consistent, but poor election turnout of voters in the United States –it continues to hover in the low 50s as a percent of population. Even subtracting people who are ineligible to vote only bumps it up a few percent. Other developed countries can boast turnouts well over 80 percent, such as Sweden or South Korea.

When asked why they don’t vote, people have a range of reasons, according to Fortune Magazine’s Laura Lorenzetti, including: it’s difficult to get the time off work to vote, getting to the polling station is difficult (especially for older voters), or the registration process is complex or confusing.

The non-partisan US Vote Foundation’s report on Internet Voting, (and the use of end-to-end verifiable internet voting (E2E VIV), suggests that many of these issues could be dealt with by online, electronic registration if it was transparent, easy, and secure. This idea got me thinking:

Could the IoT present an opportunity to deliver democracy to the doorstep of every citizen, globally, in way that meets those requirements?

Could intelligent devices already in our homes, cars, and potentially even wearables, provide a direct connection between us, the citizen, and the process of driving democracy? Maybe.

Before we start lobbying for an online voting process, we have to think about the requirements: transparency, easy to use and secure.

Transparency – An online voting process must be transparent so we can trust it, even as we keep the voting activity private.

This is by no means easy, but in the same way that encryption algorithms are strongest when publicly vetted and reviewed, so the process for presenting voting choices, capturing the vote, and delivering the results in a secure, verifiable, and private manner to the voting authorities could be equally public. The heart of the process, after all, will need to be secure communications, and that is at least something well understood.

Easy to Use – Given the level of investment in understanding how humans like to interact with smart objects, this is unlikely to be a problem at the end point itself. However, the way in which we connect those objects to some kind of voter preference infrastructure may not be simple to implement and could, in theory, make the *process* difficult even if the interactions with a smart device are easy.

Additionally, we would need to be very clear on how things like authentication work. How do I prove I am who I say I am, when I’m talking to one of my own devices, sitting in my own home? Layering lots of complex authentication around what should be a simple process could quickly result in the exclusion of less tech-savvy voters, especially older voters who may feel threatened by the process.

Security – This is the big one. Primarily, the security concerns revolve around the need to protect the endpoint from attack. After all, if we’re going to allow people to vote from some kind of client device, it’s likely that device will be owned by the voter, and therefore subject to all the weaknesses in security we already see in personally owned technology, especially vulnerability to malware. And, make no mistake, malware is the issue here. Malware designed to disrupt, interfere with, or suppress voting is essentially a national security issue, and needs to be taken very seriously. Protecting any home-owned voting device (or a device that is capable of acting as a vote-capture technology) would have to hurdle this significant barrier, and do so in a way that is visibly, verifiably, effective.

So the challenges to smart objects becoming our route to voter engagement are considerable, but not insurmountable. Specifically, the IoT offers some unique ways to counter the issues described above.

First, we are rapidly becoming wrapped in a permanent blanket of smart objects. These objects already deliver virtually seamless interaction with online services, and will quickly expand that to social services, such as first responders, and then ultimately to the wheelhouse of democracy at the voting booth.

Second, the technology to connect smart devices to online registration and voting is really not that complex, and the methodologies could be public and transparent.

Finally, critically, the range of devices, even operating in a single home, communicating with each other and with other services, would offer a degree of resilience to attack that single device, monoculture implementations do not. Corrupting a single device in my home might be quite possible. Enabling attacks against a wide range of devices, at the same time, to undermine the fabric of authentication and verification in a location, would be extraordinarily difficult. Devices could potentially identify when other devices are “suspect” and could act in concert to verify a critical transaction such as, say, my preference in a Presidential election, with far greater reliability than any single element, device, or sensor.

Yes, this approach requires a lot of cooperation among manufacturers, and it also opens up a lot of questions on privacy and manageability. But none of these are, again, unsurmountable. Far from it.

And a world in which, instead of just yelling at the TV during a debate, we could actually make our thoughts heard, and felt, by our political leaders, seems to be one that, in the words of Abraham Lincoln, would go a long way to forming that “more perfect union.”
Of course, none of this really helps people make better choices about who to vote for, but that’s another story…