It is the day after election day, and somehow it will not be possible to not post about the presidential election yesterday. By this time, it is pretty clear that Obama has won the election and I absolutely congratulate him for this. Since I am still a Dutch citizen living abroad, I am not allowed to vote, which at this moment I am still happy about – although from a responsible perspective, I should not. But I am not a Republican, I am not a Democrat. Personally, I think here in the US it is too much one or the other and independent parties are still too small here. And anyone in the race for president who wants to have somewhat of a backup, still takes sides with one or the other in the final battle for presidency. Personally, I would have voted for Obama myself, even though I don’t agree with everything he stands for, I support more of his ideas than I support Romney’s ideas. Don’t hate me for it, that is how we all have the right for our own vote.
There we go.
Electronic voting again has proved to be a disaster this year. And you know what, it is not only the US that has this problem. I haven’t heard from any electronic election that went flawless. But I am still surprised how it could be such a disaster. I do know why this usually is, but it is just completely strange that we can do anything digitally, but are not able to just handle a simple radio-button system.
The reason, more or less, is that the elections are too much of a risk. There is too much at stake. The election system itself should most likely be the most simple online system ever created. But since this is something that hooks up to the whole country, all the political parties, all the districts, and all the voters, there is a lot that will go wrong. So, instead of bashing upon the creators of the system, I actually would like to express my sympathies to them.
Dealing with politics in IT is a pitfall. Anything that has to do with any way of government might be a bigger problem than a lot of people might realize. Handling a political website is not too bad, since it does not really have any underlying functionality. The problem is, when any kind of automation or operative functionality needs to be implemented.
As you might know, the government is not a thing that can change easily. Not in any way. The reason why I would have voted for Obama is because, after the mess that he was dealt 4 years ago, he had to make the changes. And changes take a long time to provide results. And getting out of a political and financial mess, takes drastic changes. And no one likes these, and at first will hurt the country more to heal properly over time. I think Obama took a couple of good steps, let him finish his job. Look at Europe. Yesterday the European Union declared that the changes for rebuilding the financial imbalance in Europe will take harsh measurements now, that will impact the people drastically. And the problem is, they will not expect to see the full fruits of this change within five years. It simply takes long. Taking a flu-shot will make you sick now, to prevent you getting worse during the winter.
So, changes are hard, and difficult. They need to be approved by so many parties, so many red tape will be unleashed, and there are always people who don’t like change. But change sometimes is necessary. IT makes it even worse; IT changes fast. Getting corporations to keep up with the pace of developments in IT is already a burden. But keeping the government up to speed is downright impossible.
My company’s motto is; if it is not supported by the manufacturers anymore, I will not support it either. And yes, I deal, and have dealt, with many political and government clients. How many times I haven’t received the call that a site did not work, only finding out that the people were using Windows XP with IE 5. And this was last year!
I know the government doesn’t have the time and money to upgrade. But we all know there is a huge problem here; security. There is a reason why I usually upgrade to the latest OS within weeks of its arrival, the security. In the end, I don’t care about the user interface too much, my stuff needs to be as secure as possible, and you have the best bets with that with a new OS. The reason why is not that there is always the possibility of bugs in the early stage of deployment, but that the manufacturer will do anything to keep their flag-ship OS positive in the news, and fix the problems sooner than later. This is also one of the reasons why I stick with Microsoft and Windows, simply because they do have the best track-record in fixing problems in their system and support.
I like to keep my things secure. But, thinking about it, the government handles your most delicate information. And believe me, not all elements of the government are up to date with their IT department and network. Sure, I believe (I hope!) that the FBI and CIA run a pretty up to date and secure network, but the weakest link might be the local town hall in Hermetsville, OH, where they have a problem migrating Bertha, who has handled the social security information for 120+ years now on paper, and she finally knows how to turn on a computer.
The government and IT are not a good mix. They should be though, but they are not. Anyone working in a big corporation knows that there are so many different systems running to keep all the gears turning. Think of that, and now multiply that by a 100-some number. THAT is the amount of systems the government has running. And a lot of the stuff that is running there, is not able to upgrade to run on Windows 8 for example. Probably not even on Windows Vista. Heck, believe me, Windows 2000 is not yet removed out of the world yet.
To get everything approved to upgrade will cost a lot of lobbying, time and money, and there will be a lot of resistance anywhere along the way. People don’t want to change the way they work. Especially not if it works right now.
Then, if there has been the decision of upgrading, there is this whole game of choosing who will build it, who gets the money, and who will decide. If we would have all the money in the world to do the massive upgrade for the government right now, I guarantee you that it will not be finished within at least 10 years.
Back to the elections.
So now that we know that there is a lot of problems in the default system that forms the IT in the government, everyone will have a say in the election electronics. Getting all the parties to agree will already be a pain in the darkest part of your body. Even if you would only mention the republicans and the democrats. Even if only they would be the only parties to deal with, it will be a disaster for an IT company to do this work, because one party is always afraid for a favor of the other. So, most likely, there will be at least two consultant bodies of both parties involved in any decision made. That means meeting after meeting, and when building a prototype a complete rebuild because no-one wants to agree.
And this is in the ‘dream-scenario’ where there are only two parties involved. The reality is, that there are a lot more. But let’s say, even if that goes all fluently well, and both parties agree on everything so the developer can build the thing into the beautiful system it is, disaster will strike.
The presidential elections are too high risk. We are not voting (well, you, since I am not allowed to vote) for a president alone. We are voting for earning and spending of billions of dollars a day. People get filthy rich because of one choice, as well as people get poor as well. And even so with the other choice. Companies can rise or fall. It is a too high stakes kind of game. Believe me, security is the big issue here.
And we are not talking about a cross-site scripting leak in the system that will be built. We are talking about massive DDoS attacks taking the systems down, physical theft, back-doors in the system, malware on the drives, broken SSL certificates, or a browser that is not up to date that will be exploited.
Keeping the data safe is a good thing, but will take effort. It is not impossible, not at all, but it is hard. But besides that, than there is the way of transmitting the information. Is the system sending it at every vote? Or will it be sending it in packages? Will the system check if the packages arrived correctly and syncs them to make sure they have not been tampered with? What happens if the connection stops? What happens if the power fails? And if so, what happens if it comes up again?
A voting system arguably should be simple. Every half-wit of a developer can build a poll system or a voting site. But making it good, dealing with the governments outdated security protocols, dealing with all the input from everyone who wants to have their say with the system, it will be a pain.
Still. People fail to realize that paper is a far more vulnerable system. Although it is simple; it is a physical thing that you can hold, see, and handle. Once it is gone, it is gone. Digital data can be restored, paper that is gone, well, is gone. Adios.
Still, I think the elections will be electronic-less for the next 2-3 elections before doing it online will become main-stream. And I already feel sympathy for the company who will be responsible for building it.