By Deborah Goonan, Independent American Communities
A reader with expertise in cybersecurity recently wrote to me about his disturbing HOA experience with e-voting.
Anthony M. Rutkowski, Executive Vice President for Yaana Technologies, has extensive professional experience as a lawyer and information technology engineer. He is principal owner of Netmagic, LLC, and a Distinguished Senior Research Fellow at the Georgia Institute of Technology’s Center for International Strategy, Technology, and Policy (CISTP) at the Sam Nunn School of International Affairs.
Suffice it to say, Rutkowski knows a little something about cybersecurity as it relates to electronic voting systems used by governments in the U.S. and around the world.
In his recent blog post, Rutkowski shares what he learned about his the e-voting contractor hired by his Virginia homeowners association.
Is e-voting a magic bullet?
HOA-industry trade groups, and several prominent law firms have been promoting e-voting as a sort of magic bullet for apathy in HOA-governed communities.
On the plus side, according to HOA attorneys, e-voting eliminates the need to print and mail paper ballots, and it encourages greater voter participation by out-of-town HOA members and others who do not attend the annual meeting.
But Rutkowski cautions, there are several serious security issues with e-voting.
For one thing, state and federal laws do not set security standards for voting electronically. Just about anyone can set up an e-voting business, virtually anywhere in the country, without any professional or technical certifications.
Obviously, that leaves cyber HOA elections vulnerable to hacking, vote rigging, and other mischief. And, with no paper ballot trail to verify the outcome of any corporate or non-profit election or amendment process, how can unit owners rely on the integrity of the vote?
The simple answer: they cannot.
Who collects those e-votes anyway?
When Rutkowski tracked down the destination of his own e-vote, here’s what he discovered:
It turned out the e-voting provider was actually a one-person Oregon company that had been administratively dissolved for several months; that its headquarters was a small local law office, and the mailing address was a strip mall UPS mailbox. Technically, the service was being run on a server in a small Salt Lake City office, and the purported online security was a free 3-month quickie digital certificate that involved no identity checking. The balloting process also involved a “registration” screen to capture homeowner information with a link to a Florida LLC also run out of a UPS mailbox on a local server. Although the Oregon provider’s online brochure suggested it had many satisfied customers, the server in Utah revealed only one other HOA customer in Texas.
Not too surprisingly, when Rutkowski checked the official meeting minutes of his HOA, he learned that the board approved its e-voting contractor without any background check or competitive bidding process.
HOA leaders apparently accepted, without question, the recommendation of their esteemed HOA manager. Just like that, the contractor was hired to handle the HOA’s annual election as well as a special vote to amend its Covenants, Conditions, and Restrictions (CC&Rs).
The amendment e-vote was conducted prior to the annual HOA election. Needless to say, the results of that vote remain controversial.
On the bright side, after the HOA was made aware of the questionable status of its contractor, the board changed its tune. The HOA reverted back to the paper ballot system for their annual election.
The uncertain future of e-voting in HOAville
Rutkowski advises governing bodies at all levels, especially hyper-local HOAs, to proceed down the e-voting path with extreme caution.
He points out that even seasoned experts have not completely figured out how to prevent fraud and cyber hacking of electronic votes.
Until the technical wizards figure out how to prevent election rigging in cyberspace, it’s best for HOAs to stick with the tried and true paper ballot systems. ♦
Securing HOA and Condo Elections: how State legislatures placed HOAs at risk
By A. M. Rutkowski
About a decade ago a kind of e-Voting technology euphoria emerged in many State legislatures that resulted in statutory amendments enabling the use by Homeowner Associations of essentially any kind of electronic voting scheme they wanted to employ. Typical was Virginia’s 2010 amendment to its Property Owners’ Association and Condominium Acts that enabled “Voting, consent to and approval of any matter under any declaration or bylaw provision or any provision of this chapter may be accomplished by electronic transmission or other equivalent technological means….”
The problem, however, is that there are no standards, certification mechanisms, or regulations of any kind that apply to providers or such e-Voting services. Anyone, anywhere in the world can set themselves up as an e-Voting provider. Worse yet, in the past several years, it has become quite apparent that e-Voting systems are highly susceptible to innumerable cybersecurity and fraud vulnerabilities that are almost impossible to remedy even with significant resources at Federal and State levels.
Those at the bottom of the government food chain – State chartered Homeowner and Condo Associations – are at the greatest risk. They typically have the least resources to maintain essential integrity of their e-Voting systems. They have also tended to be the victim of unscrupulous management contractors who encourage these Associations to switch from paper to e-Voting systems so they can earn extra income and promote e-Voting contractors with whom they have business relationships. The results are e-Voting debacles that place election and declaration amendments results at risk. When even large cities and States have fallen back to the trustworthiness of paper-based systems, there is no rational basis for HOA/COAs not doing the same. Furthermore, paper-based systems automatically provide a trusted audit trail, require no special legal or technical skills, auto-determine voting rights for each property, meet disability act requirements, and highly cost-effective.
With new legislative sessions now getting underway in many States, it seems appropriate to now recognize the extreme e-Voting vulnerabilities inadvertently created which have placed HOAs and COAs at risk and rescind the State statutory provisions adopted. While such systems with regulation and certification may be acceptable for informal polls, they are wholly unsuitable for fundamental governance requirements. Additionally, at the Federal level, Congress needs to bring the lowest level local governmental entities like community associations under the protective umbrella of elections cybersecurity protection.