Risk and the Internet

by Marc Rounsaville on February 28, 2012

Earlier this month Politics of The United States (POTUS) radio aired a story (a rebroadcast of a PBS Newshour show of 2/16/12) on the potential use of internet voting in American elections. I was fascinated that the journalist’s main points focused on the associated risks and consequences of taking this democratic process online.  With an average of 48% of Americans voting in elections according to Wikipedia, it seems like the logical next step to increase participation.  After all, we shop, bank, email and do a host of other things on the web without much worry. So what is the problem?

Money? Elections cost money why not redirect some toward internet voting.

Skills? Voters and vendors are adequately skilled in both using and delivering internet voting. http://www.scytl.com/en/customers-c-10.html.

In part, it is the perceived risk that internet voting will lead to election fraud or tampering. Washington, DC planned to provide internet voting in a recent election. Most of the measures were in place, the system was ready and officials were excited to be the first to offer this in America. There was only one thing left to do. Test the firewalls to ensure the system could not be “hacked”. A university professor took the challenge to his students that subsequently bested the system in 36 hours. Oops. Needless to say there still has not been widespread internet voting in America.

Two risk perception tenets impact this decision:

The first tenet is we tend to accept less risk when faced with a decision to start something new  We hold ourselves to a higher standard even though our current, normal, daily activities might put us at the same level of risk.

This is the case with internet voting.  The firewall tests were designed to ensure that voting would be 100 percent secure.  However, the current voting system already has some level of fraud or tampering albeit quite low. Polling sites only require voters to present an ID and a voting card.  This rudimentary check doesn’t guarantee 100 percent security, and is more dependent upon the individual rather than the system yet we have accepted that level of risk because it is embedded in system currently in place.  And while we might never be able to detect identity fraud in the case of the current election system, it could be argued that internet voting allows us to implement mitigation measures against hacking.    http://www.brennancenter.org/content/resource/policy_brief_on_the_truth_about_voter_fraud/  .

The second risk perception tenet is that we tolerate lower risk when the decision could lead to a high consequence outcome.  When we face a decision with an important outcome we tend to take more time, ask for more data and seek more reassurance that we are making the “right” decision.  We also want better odds or a higher probability of the outcome being in our favor.  When we perceive risk in this way we miss the points that “no decision is a decision” and that more information may not improve our decision quality.

In the case of the internet voting story, the DC officials knew that there was potential for a hacker to change the outcome of an election.  Immediately the story jumped to consideration of terrorist attacks or  or some nefarious entity benefiting from flipping an election.  However, our current system is subject to the same outcome.  In a really close election, a few fraudulent votes could be the difference between one candidate and another. So how can you avoid these traps?

First, take a moment to reflect. Step out of the moment and check if there is a standard of decision we have used in similar situations in the past. In the internet voting case it is obvious the current system is not totally secure.  We accept some level of potential fraud (risk) now. We know the system is not infallible. So why would we expect perfection in the new system?

Next, consider whether you are accurately assessing the perceived consequences. Ask yourself if you are putting more weight on the consequences than the probabilities warrant. Are you maintaining a reasonable level of concern regarding the consequences?

Bottom line: risk = probability x consequences.  While you should consider the potential outcomes and probabilities of your decision, are you assigning them more weight than they deserve?  Where are your boundaries?

Previous post:

Next post: