“In other words the machines, you put down a Republican, and it registers as a Democrat” Donald Trump, Republican who still won the “rigged” 2016 US Presidential election
France provides the option of e-voting remotely (“le vote par internet”) for its citizens living abroad, like me. The option is currently avaible for two types of French elections: the legislative elections and the election of consular representatives. I keenly contributed to a recent large scale test of the French Government e-voting service ahead of the 2017 legislative elections. It was my first e-voting experience. It triggered some reflections, research and some debate with cyber security peers.
The state of e-voting around the world
Electronic voting, or e-voting, is about computerising the voting process to some extent. There are two main scenarios:
- Computers are used at traditional voting centres to process the collection and the counting of ballots. Voters still go to a voting place to cast their votes. The ballots may be captured on computer screens or they can still be paper-based and processed electronically for counting purposes.
- Voters can vote from anywhere over the internet, using a Web browser and within a constrained period of time.
France is amongst a list of countries testing, piloting and expanding e-voting services. References of e-voting around the world include Wikipedia’s Electronic voting by countries and the National Democratic Institute’s Electronic Voting and Counting around the World.
My observations include:
- Very few countries have adopted large scale e-voting services, and those that have are mostly developing countries (e.g. India & Brazil).
- A good number of Western countries that have piloted and implemented e-voting services, such as Australia, the UK, Italy, Germany and the Netherlands have discontinued or curbed their programs. Reports include:
Netherlands: “unlawful“ applicability of e-voting, “the time wasn’t ready for voting over Internet”, the deputy minister for interior said she would “ban electronic voting” following recommendations of a committee.
- Germany: “while the systems usability was widely accepted, public distrust of the system was evident”, Germany ended electronic voting in 2009, with the German Federal Constitutional Court finding that the “inability to have meaningful public scrutiny meant that electronic voting was unconstitutional“.
- Key issues associated with e-voting are reported to include:
- Legal & Constitutional incompatibilities
- Transparency & integrity, primarily related to the reliance on digital records only
- Trust and public opinion
There are also many reports of vulnerable e-voting systems, such as:
- France: E-voting system used in French election is flawed
- US: Voting machine password hacks as easy as ‘abcde’, America’s Electronic Voting Machines Are Scarily Easy Targets and Meet the e-voting machine so easy to hack, it will take your breath away.
The opportunities of e-voting
E-voting provides the following opportunities (CeBIT blog):
- Provide election results within minutes of the poll closing
- Eliminate the need for postal voting
- Reduce the number of informal and donkey votes
- Reduce election costs
- Provide effective identity validation
- Allow for people with disabilities to vote independently
- Improve the voting experience
I would also add that the logistical simplification and the real-time nature of remote e-voting technology may provide a tremendous opportunity to consult easily and more frequently with citizens, further empowering them in political decision making processes. In an extreme case, we can imagine a referendum organised on the spot (referendum-aaS) soliciting the opinion of citizens in real time using a mobile app. A great opportunity to further empower citizens, a scary thought at the same time (“Click yes to support the invasion of such country now”) and a certain change to democracy: the e-democracy. In Australia, I recently came across the following initiative: MiVote.org.au, which is expected to soon publish a mobile app allowing users to have a better view on key issues and to have a say on where they want their country to go in real-time. I’m very much looking forward to it.
As a citizen and a taxpayer, I certainly appreciate the value in reducing election costs and in improving the voting experience, especially for a young digitally-wired voting population. More people voting is better for democracy and I believe e-voting can make a difference. I also appreciate the logistical benefit for overseas citizens, like when I vote for the French elections remotely from Australia. It really simplifies the process.
As a cyber security professional, the effective identity validation is a big deal for me. In Australia, there is no effective identity check conducted in voting centres. I come in, state my name and address and I vote – no questions asked, no proof of identity required at all, nothing to show. e-voting can certainly provide an opportunity for improvement in identity verification.
The risks of e-voting
Security is the obvious risk. It certainly seems that everything can be hacked, and so can e-voting solutions. There is an undeniable risk about it and securing “well-enough” electronic elections can come at a high cost and effort, and it would still incur a residual risk of probable high impact, if not only from a public opinion and trust point of view.
CeBIT blog: “Security vulnerabilities threaten to jeopardise the integrity of an election or bring it to a grinding halt. The potential for third-parties to access the systems, expose votes to the public or change them entirely, threaten a staple of democracy: the secret ballot.”
In addition to concerns about integrity and confidentiality, the actual availability of remote e-voting services, such as the one I contributed to test for the French Government, is at high risk of Denial of Service (DoS) attacks or operational stuff-ups, like with the recent example of the Australian 2016 census “debacle”. Imagine an election process fully stopped through an unavailable centralised remote e-voting service: a democracy put to e-ransom.
An option to manage the risk is transparency: use open-source technology, be very transparent on the design and the testing and offer the opportunity to willing citizens to make their own opinion about it and importantly to contribute to testing (e.g. the French test I have contributed to) and eventually raise vulnerabilities. It is also a way to involve citizens in the solution, and it may allow to better manage the risk of public opinion if anything goes wrong.
Impractical security impacting the ability to vote
I have had an interesting experience with the French e-vote test I contributed to. I couldn’t vote. I got stuck on an issue with two-factor authentication over SMS. I didn’t receive a special code I needed to submit my vote, because an old mobile phone number of mine was registered to the account and I couldn’t change it (or see it). The mobile numbers were provided by the French Consulate (Sydney Consulate in my case) directly to the e-voting service, based on the Consulate records on file as I understand it. There was nothing I could do to see what mobile number was associated with the account, and nothing I could do to change it during the timeframe of the e-vote.
Some could see a security plus with a fixed target mobile phone number invisible trough the UI. I see a process issue, a poor user experience and the missed vote of a keen citizen in this instance. It was a test e-vote, which was surely designed to flush cases like this one. I certainly provided feedback and I hope I can vote effectively through the service later this year.
Civic culture change
There is something civic and social to the ritual of attending physical voting centres, with your partner, children and friends, queue for your turn to vote and grab a coffee, a burger or a hot sausage on your way out. That’s the way we do it in Australia. e-voting, from anywhere at anytime, on your own definitely is a different experience. A less civic experience perhaps?
I think this is just a matter of time for large scale remote e-voting services. The upcoming population of voters is pretty much digitally-wired from birth. It’s a no brainer. We just need to manage it as well as we can and I think transparency is a key element to it.