Nov 5, 2024
A November to Remember
It has made me think recently about why our voting system takes so long to produce results. At my little fire department, I was handed a piece of paper and then sent over to a booth with a pen to fill in a bunch of circles. Then, just like my teachers did back in the 1990s, I fed the piece of paper into a “Scantron” that read my answers. That’s 40-year-old technology at work right there. Then there are all of those mail-in ballots that have to be counted similarly. Technology could be used to fix this, right?
One of the biggest obstacles to implementing more voting options is verifying the identity of the person who is voting. There has been a lot of focus on voter fraud in the past decade, and honestly, rightfully so. Until this year, I walked up to a person at a desk, told them my name and address, and they handed me a ballot. If I had really wanted to commit a federal felony, I probably could figure out a way to beat that system. North Carolina added in an ID requirement this year, and I had to show a state ID card, but come on, we all know how easy those are to get around also. Historically, there has been little evidence to show that people abuse the current voting system, but if the system were to change, it could be easier to do, especially from outside of our country’s borders.
It comes down to a balance, just like anything security related. Adding in an ID check in North Carolina certainly meant some people who should be able to vote could not. But those who did were more securely identified, so it’s a tradeoff.
In our Internet world, identity management is a huge issue. Let’s just look at correspondence and how that’s changed with the Internet. If I were to write a letter, put it in an envelope and mail it to you, I would sign it, proving that I wrote it. You could also look at the handwriting to see if it looked like mine, but whether it was a wax seal or a signature, we could verify who sent it by something tangible on the page. Once email was invented, there wasn’t a tangible thing to prove who sent it anymore; it’s just 0s and 1s. So, we use our email address as a signature. If it comes from nate@nordicits.com, then Nate sent it.
From the start in 1980, email had an identity problem. All I needed to do was tell the server “from: nate@nordicits.com” and it was from me. We’ve been fixing that ever since. We started with SPF in the early 2000s, then DKIM around 2011, and DMARC in 2015. These are all ways to verify that the “from:” line in an email is coming from you. They’re behind the scenes, so unless you administer mail services, you’ve probably never heard of them. But they have made it safer, and much harder in turn, to send emails. And when Gmail and others started requiring that security this year, some legitimate emails didn’t make it through to their destinations anymore.
The other identity issue is who is allowed to access your mailbox. Having a password was easy enough. Something like “password” may have been your first. But then we said, “that’s not hard enough to guess,” so we made you add “complexity.” Your second password may well have been “Password1” since you needed a capital letter and number now. But even that was too easy, so more password rules have been coming, even using AI to figure out if your password is too easy to guess. Now passwords have not only become more infuriating to users as their complexity grew, but also less secure as people resort to writing them down on sticky notes on their desk. Enter Multi-Factor Authentication, now the gold standard of security. You not only need a password, but also a “thing,” be it an authenticator app, rotating key generator, fingerprint, or registered device. Great, more secure, but we get even more support calls about it because it’s harder.
I can’t imagine the size of the help desk we would need to implement voting with that level of identity management.
-Nate