tag:theconversation.com,2011:/uk/topics/e-voting-8260/articlese-voting – The Conversation2023-03-17T12:29:59Ztag:theconversation.com,2011:article/2017512023-03-17T12:29:59Z2023-03-17T12:29:59ZEstonia’s e-governance revolution is hailed as a voting success – so why are some US states pulling in the opposite direction?<figure><img src="https://images.theconversation.com/files/515523/original/file-20230315-20-f7nh74.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Estonian Prime Minister Kaja Kallas reacts to e-vote results on March 5, 2023.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/estonian-prime-minister-kaja-kallas-reacts-after-the-news-photo/1247815927">Raigo Pajula/AFP via Getty Images</a></span></figcaption></figure><p>Estonia, a small country in <a href="https://data.un.org/en/iso/ee.html">northern Europe</a>, reached a digital milestone when the country headed to the polls on March 5, 2023. </p>
<p>For the first time, <a href="https://news.err.ee/1608904730/estonia-sets-new-e-voting-record-at-riigikogu-2023-elections">over 50% of voters cast their ballots online</a> in a national parliamentary election. </p>
<p>As a <a href="https://scholar.google.com/citations?user=UZaVLvIAAAAJ&hl=en">political science researcher</a> who focuses on elections, I was in Estonia to learn about the process of internet voting. In the capacity of an international election observer, I visited standard polling places and also attended the final internet vote count held in the parliament building. </p>
<p>As someone who also regularly volunteers as a poll worker in the United States, I found the contrast between Estonia’s integrated information systems and internet voting, and the patchwork system operating in the U.S., to be notable. And with several U.S. states <a href="https://www.npr.org/2023/03/06/1161374479/electronic-registration-information-center-eric-florida-missouri-west-virginia">withdrawing from the Electronic Registration Information Center</a>, or ERIC, that contrast is growing sharper.</p>
<p>I believe Estonia offers America an important example of how information sharing can be used to enhance the integrity of elections.</p>
<h2>Estonia’s e-governance system</h2>
<p>Estonia has long been seen as a pioneer in digitizing the democratic process.</p>
<p>Internet voting, which <a href="https://doi.org/10.1016/j.giq.2022.101718">began in Estonia in 2005</a>, is just a small part of the e-governance ecosystem that all Estonians access regularly. Using a government-issued ID card that allows Estonians to identify themselves and securely record digital signatures, they can register a newborn baby, sign up for social benefits, access health records and conduct almost any other business they have with a government agency. This ID card is mandatory for all citizens.</p>
<p>Central to the success of Estonia’s digitization revolution is a secure data-sharing system known as the <a href="https://e-estonia.com/solutions/interoperability-services/x-road/">X-Road</a>. </p>
<p>Government agencies collect only the personal information they require to provide their services, and if another agency has already gathered a piece of information, then it is accessible through the X-Road. In other words, each piece of personal information is collected only once and then shared securely when it is needed. A person’s home address, for example, is collected by the <a href="https://www.siseministeerium.ee/en/activities/population-procedures/population-register">population register</a> and no other government entity. If it’s needed by election administrators, health care workers, a school or any other agency, those organizations request it from the population register online.</p>
<p>So, imagine that you are applying for admission to a university, which requires both your date of birth and your school grades. These are stored by two different agencies. By using your ID card, you can auto-populate <a href="https://www.sais.ee">the application</a> using data that the system instantaneously pulls in from the two agencies that store that information. </p>
<p>Because of this information sharing, election officials know who is eligible to vote and which online ballot they should receive no matter where they live in the country.</p>
<h2>A decentralized approach in U.S.</h2>
<p>For many reasons, the U.S. system of election management is very different from Estonia’s, and <a href="https://www.pewtrusts.org/en/research-and-analysis/blogs/stateline/2021/02/17/despite-security-concerns-online-voting-advances">online voting is rare</a>. </p>
<p>Developing and maintaining an e-governance system requires technical, political and social forces to align. Because each U.S. state manages its own elections, and decisions can vary at the county level or below, it is difficult to envision a consistent technical solution. It is also more challenging to coordinate a solution across such a large country and <a href="https://verifiedvoting.org/internet-voting-faq/">safely implement secure online voting</a> given current U.S. internet voting technology.</p>
<p>Additionally, concerns about federal interference in state matters have prompted political and social pushback on <a href="https://www.heritage.org/election-integrity/report/destroying-election-integrity-the-unnecessary-and-unconstitutional-john-r">recent election reforms</a>. Public consensus on instituting a nationally mandated electronic ID similar to the one that forms the foundation of Estonia’s internet voting appears unlikely. </p>
<p>Research shows that most <a href="https://doi.org/10.1016/j.giq.2022.101718">Estonians trust their e-governance systems</a>, although there are skeptics. Some critiques focus on <a href="https://gafgaf.infoaed.ee/en/posts/perils-of-electronic-voting/">perceived security shortcomings</a>. </p>
<p>The internet voting process has also become politicized. In the most recent election, one political party that had discouraged its voters from using online voting – and unsurprisingly trailed its rivals in the online count – challenged the process in court. Its <a href="https://news.err.ee/1608911129/estonia-s-supreme-court-rejects-ekre-s-e-voting-election-complaint">effort to annul internet voting</a> failed. The U.S. witnessed a similar dynamic around <a href="https://www.scotusblog.com/2020/10/supreme-court-leaves-in-place-order-requiring-pennsylvania-to-count-absentee-ballots-after-election-day/">absentee ballots in the 2020 elections</a>.</p>
<figure class="align-center ">
<img alt="Long line of people standing outside waiting to vote" src="https://images.theconversation.com/files/515527/original/file-20230315-28-ry6ind.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/515527/original/file-20230315-28-ry6ind.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/515527/original/file-20230315-28-ry6ind.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/515527/original/file-20230315-28-ry6ind.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/515527/original/file-20230315-28-ry6ind.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/515527/original/file-20230315-28-ry6ind.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/515527/original/file-20230315-28-ry6ind.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Nearly all U.S. voters vote in person or by absentee or mail-in ballot.</span>
<span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/people-wait-in-line-for-early-voting-for-the-midterm-news-photo/1439028382">Michael M. Santiago/Getty Images</a></span>
</figcaption>
</figure>
<h2>Balancing security, efficiency and access</h2>
<p>While <a href="https://aceproject.org/ace-en/topics/em/annex/electoral-management-case-studies/the-united-states-decentralized-to-the-point-of">the United States’ decentralized approach</a> has its advantages, it also creates shortcomings in security, efficiency and access. </p>
<p>Secure elections means that only people who have the right to vote are able to cast a ballot and that they aren’t improperly influenced in the process. Efficient elections means the process is smooth — voters don’t have to wait in long lines, and their ballots are counted quickly and accurately. And access emphasizes that people who have the right to vote can register, gather the information they need in order to vote, and successfully cast their ballot. </p>
<p>Sometimes changes to voting practices that enhance one of these values – say, security – may create impediments for another – say, access. Requiring a photo ID to vote, for example, may reduce the <a href="https://ballotpedia.org/Voter_impersonation">small likelihood of voter impersonation</a>, but it also risks preventing a legitimate voter who forgets to bring, <a href="https://www.washingtonpost.com/politics/courts_law/getting-a-photo-id-so-you-can-vote-is-easy-unless-youre-poor-black-latino-or-elderly/2016/05/23/8d5474ec-20f0-11e6-8690-f14ca9de2972_story.html">or doesn’t have</a>, a valid photo ID from exercising their right to vote. Finding an acceptable balance among these values is a challenge for citizens and policymakers alike.</p>
<h2>Misinformation derails digital efforts</h2>
<p>Several states, including my own state of West Virginia, <a href="https://www.npr.org/2023/03/06/1161374479/electronic-registration-information-center-eric-florida-missouri-west-virginia">recently made a decision</a> that I believe undermines all three of these values by making our elections less secure, less efficient and less accessible.</p>
<p>In early March, West Virginia joined Florida, Missouri, Alabama and Louisiana in withdrawing from the <a href="https://ericstates.org">Electronic Registration Information Center</a>. ERIC is a multistate, data-sharing effort to make voter rolls more accurate and encourage eligible citizens to vote. The 28 participating states and the District of Columbia provide voter registration and driver’s license data to ERIC and receive an analysis that shows who has moved, who has died and who is eligible to vote but has not registered. </p>
<p>These reports help states clean up their voter rolls, <a href="https://www.statenews.org/government-politics/2023-03-07/larose-says-ohio-may-drop-out-of-voter-registration-program-he-praised-last-month">identify incidents of fraud</a> and <a href="https://ericstates.org/wp-content/uploads/2023/03/ERIC_Bylaws.pdf">provide unregistered voters</a> with information about how to vote. </p>
<p>In other words, ERIC is designed to enhance security, efficiency and access. However, over the past year, <a href="https://www.theguardian.com/us-news/2023/mar/08/republican-states-eric-voter-rolls-program-conspiracy">unsubstantiated claims have circulated</a> that ERIC is being used as a <a href="https://www.wvnews.com/news/wvnews/west-virginia-resigns-from-electronic-registration-information-center/article_f68b2bc4-bc50-11ed-b356-5b309dab29c3.html">partisan tool to undermine election integrity</a>. </p>
<p>ERIC was established, however, as a <a href="https://doi.org/10.1007/978-3-030-18541-1_31">nonpartisan information provider with bipartisan support</a>. States that exit ERIC may be sacrificing the integrity of their election process based on <a href="https://www.politifact.com/factchecks/2022/oct/17/mark-finchem/arizonas-mark-finchem-falsely-links-george-soros-t/">unfounded conspiracies</a>.</p>
<p>The U.S. can learn a tremendous amount from Estonia’s e-governance revolution. Estonia faces a hostile security environment with an antagonistic Russia next door. But its integrated systems have helped balance security, efficiency and access in a wide range of government services. With the decision to withdraw from ERIC, some states are in danger of pulling the U.S. in the other direction.</p><img src="https://counter.theconversation.com/content/201751/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Erik S. Herron receives funding from the US Department of Defense Minerva Research Initiative. </span></em></p>Americans can look to Estonia for lessons on how online voting systems can improve election integrity.Erik S. Herron, Professor of Political Science, West Virginia UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1361632020-04-28T13:43:26Z2020-04-28T13:43:26ZHow e-voting could close Canada’s political gender gap<figure><img src="https://images.theconversation.com/files/330548/original/file-20200426-163110-17g7dd1.jpg?ixlib=rb-1.1.0&rect=0%2C28%2C1920%2C1247&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Allowing MPs to vote electronically would go a long way to promoting gender equity in Canadian politics.</span> <span class="attribution"><span class="source">(Pixabay)</span></span></figcaption></figure><p>The year 2019 was eventful in the struggle to close the gender gap in Canadian politics. </p>
<p>A record <a href="https://www.cbc.ca/news/politics/women-mps-house-of-commons-2019-election-1.5404800">98 women</a> (29 per cent of seats in Parliament) were elected into the House of Commons, and a law was finally passed that gives <a href="https://www.cbc.ca/news/politics/parental-leave-commons-1.5175413">paid parental leave</a> to MPs. </p>
<p>Despite this progress, barriers continue to exist for equitable parliamentary practices. The requirement that House of Commons members are expected to vote <a href="https://www.ourcommons.ca/About/ProcedureAndPractice3rdEdition/ch_09_2-e.html">in person</a>, instead of via electronic voting, is a policy that discourages those recovering from childbirth or with care-giving responsibilities from <a href="https://ici.radio-canada.ca/info/2019/elections-federales/femmes-hommes-probabilites-vote-egalite-chateaux-forts/index-en.html">seeking political office</a>.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/330419/original/file-20200424-163110-xasxzo.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/330419/original/file-20200424-163110-xasxzo.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=399&fit=crop&dpr=1 600w, https://images.theconversation.com/files/330419/original/file-20200424-163110-xasxzo.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=399&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/330419/original/file-20200424-163110-xasxzo.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=399&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/330419/original/file-20200424-163110-xasxzo.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=502&fit=crop&dpr=1 754w, https://images.theconversation.com/files/330419/original/file-20200424-163110-xasxzo.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=502&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/330419/original/file-20200424-163110-xasxzo.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=502&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Democratic Institutions Minister Karina Gould pauses to talk to reporters as she carries her three-month-old baby on Parliament Hill in May 2018.</span>
<span class="attribution"><span class="source">THE CANADIAN PRESS/Sean Kilpatrick</span></span>
</figcaption>
</figure>
<p>MPs must find child care if their child is under 18 months old (the <a href="https://www.cbc.ca/news/politics/parental-leave-commons-1.5175413">minimum age</a> required to access the House of Commons daycare) and find a place to breastfeed (an act that can prompt <a href="https://www.theguardian.com/lifeandstyle/2018/jun/21/karina-gould-canadian-minister-breastfeeding-baby-footage-viral">international headlines</a>). In extreme cases, lack of equitable policies has even led an MP in the United Kingdom to <a href="https://www.theguardian.com/lifeandstyle/2019/feb/12/tulip-siddiq-i-needed-a-caesarean-instead-i-was-at-parliament">delay child birth</a> to squeeze in a vote. </p>
<p>On the surface, paid parental leave for MPs addresses longstanding discrimination after years of docking <a href="https://www.cbc.ca/news/politics/parental-leave-commons-1.5175413">$120 a day</a> from members who took leave longer than 21 days. It was a long time coming considering the first MP gave birth while in office <a href="https://www.ctvnews.ca/guergis-to-join-small-club-of-new-mothers-in-office-1.581142">in 1987</a>. </p>
<h2>What about voting?</h2>
<p>Yet the 2019 parental leave measures don’t address the logistics of MP voting while they’re on leave. That’s in keeping with other outdated House of Commons procedural measures that cause gender disparities among its members. </p>
<p>Those choosing to take leave under this policy are unable to take part in the parliamentary voting process and therefore perform the job they were elected to do. This could potentially negatively impact re-election campaigns and disincentivize MPs from taking leave at all, and therefore does little to address the systematic barriers to gender equity. </p>
<p>To boost inclusivity among its ranks, the House of Commons needs parliamentary reform of its voting procedures to allow electronic online voting, or e-voting, for its members.</p>
<p>The COVID-19 pandemic has <a href="https://www.theatlantic.com/ideas/archive/2020/03/coronavirus-creating-huge-stressful-experiment-working-home/607945/">prompted discussions</a> on how to keep the House of Commons operational while respecting public health measures. But emergency relief policies, created in a parliamentary system that was <a href="https://www.democraticaudit.com/2016/07/29/designing-a-new-parliament-with-women-in-mind/">built to fit the needs</a> of men, are falling short in providing protections for all Canadians. </p>
<p>One example of this policy failure is illustrated by the industries most affected by the COVID-19 pandemic. <a href="http://behindthenumbers.ca/2020/03/20/covid-19-crisis-response-must-address-gender-faultlines/">Women outnumber men</a> in low-paying positions that are most at risk of COVID-19 exposure.</p>
<p>For example, personal support workers, responsible for disinfecting primary-care facilities, are experiencing <a href="https://www.ctvnews.ca/canada/women-disproportionately-bearing-the-brunt-of-coronavirus-crisis-advocates-say-1.4907309">inadequate safety measures</a> — including a shortage of personal protection equipment — <a href="https://globalnews.ca/news/6787770/coronavirus-canada-protective-equipment-cleaners-admin-workers/">despite efforts</a> by labour unions to increase health and safety measures for this industry. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/330549/original/file-20200426-163067-4cv9hc.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/330549/original/file-20200426-163067-4cv9hc.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=429&fit=crop&dpr=1 600w, https://images.theconversation.com/files/330549/original/file-20200426-163067-4cv9hc.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=429&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/330549/original/file-20200426-163067-4cv9hc.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=429&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/330549/original/file-20200426-163067-4cv9hc.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=540&fit=crop&dpr=1 754w, https://images.theconversation.com/files/330549/original/file-20200426-163067-4cv9hc.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=540&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/330549/original/file-20200426-163067-4cv9hc.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=540&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">A health-care worker waves as she finishes her shift for the day at the Eatonville Care Centre in Toronto on April 24, 2020. The care centre has been one of the hardest hit by COVID-19 pandemic in the country.</span>
<span class="attribution"><span class="source">THE CANADIAN PRESS/Nathan Denette</span></span>
</figcaption>
</figure>
<p>This issue, exacerbated by the pandemic, is an explicit example of how non-representative legislatures, coupled with a lack of empirical research on women, produce inadequate policies. E-voting acknowledges the need for flexibility and promotes more inclusive policy-making. </p>
<h2>We have the technology for e-voting</h2>
<p><a href="https://www.canada.ca/en/democratic-institutions/services/reports/online-voting-path-forward-federal-elections.html">Canada has the technology</a>. E-voting <a href="https://carleton.ca/canadaeurope/wp-content/uploads/AComparativeAssessmentofInternetVotingFINALFeb19-a-1.pdf">exists in municipal elections</a> in Canada, parties already use online voting to cast ballots for internal matters such as leadership contests and more than <a href="https://policyoptions.irpp.org/magazines/october-2017/reforming-the-indian-act-to-allow-for-online-voting/">50 First Nations</a> in Canada use e-voting. </p>
<p>Designing MP voting practices that are integrated with existing online technologies has already been implemented within several parliamentary systems in varying degrees. </p>
<p>Recent coronavirus-related examples include the European Union adopting e-voting via <a href="https://techcrunch.com/2020/03/23/eu-parliament-moves-to-email-voting-during-covid-19/">email ballots</a> and the United Kingdom parliament approving e-voting <a href="https://irishtechnews.ie/blockchain-e-voting-is-real-where-how-when/">via Zoom</a>. Even the world’s <a href="https://www.bbc.com/news/world-europe-isle-of-man-52134400">oldest continuously sitting parliament</a> on the Isle of Man announced that it’s moving its voting online, using the <a href="https://www.politicshome.com/thehouse/article/coronavirus-how-are-parliaments-worldwide-working-during-the-pandemic">chat box</a> of its videoconferencing software to vote. </p>
<p>Canada’s House of Commons should look to international e-voting practices to adopt a system that promotes both accessibility and public health measures for its members. </p>
<p>Critics of e-voting cite cybersecurity concerns, especially in the age of <a href="https://www.cigionline.org/articles/canadas-voting-system-isnt-immune-interference">foreign electoral interference</a>. Canadian academics Nicole Goodman and Aleksander Essex point out <a href="https://policyoptions.irpp.org/magazines/march-2020/online-voting-entirely-possible-for-mps-during-times-of-crisis/">three reasons</a> why this critique does not apply to e-voting in Canada. </p>
<p>First, MP votes are public and easily verifiable. Second, educating MPs on e-voting best practices is feasible, no matter how archaic the institution. Third, registering e-votes via a secure remote device is well within the resources of the federal government.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/330547/original/file-20200426-163126-g658nh.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/330547/original/file-20200426-163126-g658nh.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=434&fit=crop&dpr=1 600w, https://images.theconversation.com/files/330547/original/file-20200426-163126-g658nh.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=434&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/330547/original/file-20200426-163126-g658nh.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=434&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/330547/original/file-20200426-163126-g658nh.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=546&fit=crop&dpr=1 754w, https://images.theconversation.com/files/330547/original/file-20200426-163126-g658nh.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=546&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/330547/original/file-20200426-163126-g658nh.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=546&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Canada has the technology to allow MPs to vote electronically.</span>
<span class="attribution"><span class="source">(Pixabay)</span></span>
</figcaption>
</figure>
<p>Clearly, instituting remote online voting for Canada’s much smaller and institutionally younger parliamentary system is an easy win. Installing electronic online voting is necessary to bring Canada a step closer to closing the gender gap.</p><img src="https://counter.theconversation.com/content/136163/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Regan M. Johnston does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>To boost inclusivity among its ranks, the House of Commons needs parliamentary reform of its voting procedures to allow electronic online voting, or e-voting, for its members.Regan M. Johnston, PhD Political Science Student, McMaster UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1225212019-10-18T11:25:19Z2019-10-18T11:25:19ZBlockchain voting is vulnerable to hackers, software glitches and bad ID photos – among other problems<figure><img src="https://images.theconversation.com/files/297192/original/file-20191015-98640-irfz02.jpg?ixlib=rb-1.1.0&rect=0%2C343%2C4167%2C3256&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">How secure is online voting with blockchain technology?</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-vector/blockchain-online-voting-concept-stock-vector-691323088">WhiteDragon/Shutterstock.com</a></span></figcaption></figure><p>A developing technology called “blockchain” has gotten attention from election officials, startups and even Democratic presidential candidate <a href="https://www.yang2020.com/policies/modernize-voting/">Andrew Yang</a> as a <a href="https://www.wired.com/story/wouldnt-it-be-great-if-people-could-vote-on-blockchain/">potential way to boost voter turnout and public trust in election results</a>.</p>
<p>I <a href="https://scholar.google.com/citations?user=Qx3YMi4AAAAJ&hl=en&oi=ao">study</a> blockchain technology and its potential use in <a href="https://theconversation.com/blockchain-systems-are-tracking-food-safety-and-origins-106491">fighting fraud</a>, <a href="https://www.wsj.com/articles/blockchain-could-be-the-answer-to-cybersecurity-maybe-1527645960">strengthening cybersecurity</a> and securing <a href="https://doi.org/10.1109/MS.2018.2801546">voting</a>. </p>
<p>I see promising signs that blockchain-based voting could make it more convenient for people to vote, thereby boosting voter turnout. And blockchain systems can be effective at <a href="https://theconversation.com/using-blockchain-to-secure-the-internet-of-things-90002">strengthening the security of devices, networks and critical systems like electricity grids</a>, as well as <a href="https://doi.org/10.1016/j.telpol.2017.09.003">protecting personal privacy</a>.</p>
<p>The few small-scale tests run so far have identified problems and vulnerabilities in the digital systems and government administrative procedures that must be resolved before blockchain-based voting can be considered safe and trustworthy. Therefore I don’t see clear evidence that it can prevent, or even detect, election fraud.</p>
<h2>How it works</h2>
<p>There are a few steps in a blockchain-based voting system, which uses technology to mirror the process of in-person voting. </p>
<p>First, the system needs to verify a voter’s identity – often by having the user upload a photo of a government-issued ID and then a photo or video self-portrait. The system confirms the ID’s validity, and facial recognition software makes sure the person in the self-portrait is the person on the ID. Then the user is <a href="https://www.weforum.org/agenda/2018/08/some-americans-will-get-to-vote-via-blockchain-this-november">authenticated as eligible to cast a vote</a>.</p>
<p>Only at that point does blockchain technology actually enter the process. The system gives each authenticated voter a <a href="https://venturebeat.com/2016/10/22/blockchain-tech-could-fight-voter-fraud-and-these-countries-are-testing-it/">digital token that represents the person’s vote</a> and a list of the digital addresses to which he or she can send that token. Each address indicates a vote for a particular candidate or an answer to a ballot question.</p>
<p>The tokens don’t indicate who cast them, so votes remain anonymous. When a voter sends a token, a record of that act is <a href="https://www.technologyreview.com/s/611850/why-security-experts-hate-that-blockchain-voting-will-be-used-in-the-midterm-elections/">stored simultaneously on several different computers</a>, making it much harder for hackers to <a href="https://qz.com/1574671/the-fbi-is-investigating-west-virginias-blockchain-based-midterm-elections/">alter the vote records</a>. After casting the ballot by sending the token, the user receives a unique code that they can use to look at the anonymized online vote tally to <a href="https://www.governing.com/Utah-County-Puts-Blockchain-Voting-to-Test-in-Live-Audit.html">confirm their vote was counted as they intended</a>.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/297220/original/file-20191015-98678-1h37es5.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/297220/original/file-20191015-98678-1h37es5.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/297220/original/file-20191015-98678-1h37es5.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=173&fit=crop&dpr=1 600w, https://images.theconversation.com/files/297220/original/file-20191015-98678-1h37es5.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=173&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/297220/original/file-20191015-98678-1h37es5.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=173&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/297220/original/file-20191015-98678-1h37es5.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=217&fit=crop&dpr=1 754w, https://images.theconversation.com/files/297220/original/file-20191015-98678-1h37es5.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=217&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/297220/original/file-20191015-98678-1h37es5.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=217&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">An example of a Voatz voting interface.</span>
<span class="attribution"><a class="source" href="https://blog.voatz.com/?p=848">Voatz</a></span>
</figcaption>
</figure>
<h2>Small-scale trials, so far</h2>
<p>Early results show that blockchain systems may increase voter turnout, though it’s not yet clear why. <a href="https://www.cyberscoop.com/nasdaq-estonia-evoting-pilot/">Many of the tests</a> have been for <a href="https://www.nasdaq.com/article/sierra-leone-pilots-blockchain-based-voting-for-political-elections-cm938309">informal ballots</a>, like <a href="http://www.govtech.com/biz/Blockchain-Voting-Startup-Raises-22M.html">student government groups</a> and <a href="https://kryptomoney.com/south-korea-uses-blockchain-technology-for-elections">community projects</a>.</p>
<p>However, several election officials in the U.S. have held small-scale trials of blockchain voting, allowing members of the military who are stationed overseas to vote electronically, rather than by mail. </p>
<p>In the November 2018 congressional elections, West Virginia allowed <a href="https://slate.com/technology/2019/07/west-virginia-blockchain-voting-voatz.html">144 voters living overseas to cast ballots from 31 different countries</a> using an app developed by a <a href="https://www.computerworld.com/article/3430697/why-blockchain-could-be-a-threat-to-democracy.html">private company called Voatz</a>, which is involved in many of these trials.</p>
<p>Another <a href="https://www.longhash.com/news/west-virginia-will-use-blockchain-voting-in-the-2020-presidential-election-why">200 voters overseas expressed interest</a> in using the system, but their home counties in West Virginia weren’t set up to do so. Based on the results, West Virginia says it plans to <a href="https://www.longhash.com/news/west-virginia-will-use-blockchain-voting-in-the-2020-presidential-election-why">continue and expand the trial in the 2020 presidential election</a>.</p>
<p>Denver, Colorado, had <a href="https://statescoop.com/west-virginia-denver-mobile-voting-app-voatz-increased-turnout/">119 voters who were overseas use a Voatz system</a> to cast their ballots in municipal primary elections in May. In the city’s June runoff election, <a href="https://statescoop.com/west-virginia-denver-mobile-voting-app-voatz-increased-turnout/">112 voters did so online</a> through a blockchain system. In August, <a href="https://www.governing.com/Utah-County-Puts-Blockchain-Voting-to-Test-in-Live-Audit.html">24 voters cast their ballots from overseas using a Voatz app</a> in a Utah County, Utah, election.</p>
<h2>A big test in Moscow</h2>
<p>The most recent – and largest – use of a blockchain-based voting system was in the city council election in Moscow, Russia, on Sept. 8. Because of <a href="https://meduza.io/en/feature/2019/08/20/after-hackers-break-moscow-s-prototype-internet-voting-city-officials-stop-sharing-contest-results-on-github">concerns that the system</a> was <a href="https://www.rferl.org/a/five-takeaways-moscow-elections-russia/30155264.html">not set up</a> <a href="https://www.euronews.com/2019/09/08/russians-cast-their-vote-following-summer-of-protest">securely</a>, only three of the city’s 20 electoral precincts allowed voters to use a blockchain-based mobile voting app to cast their ballot from anywhere with an internet connection.</p>
<p>Again, the evidence showed a boost in voter turnout: The city’s overall turnout rate was <a href="https://www.euronews.com/2019/09/08/russians-cast-their-vote-following-summer-of-protest">around 17%</a> of registered voters. That includes a <a href="https://www.rferl.org/a/five-takeaways-moscow-elections-russia/30155264.html">90% turnout</a> among the voters who had registered to use the system. </p>
<p>However, <a href="https://www.rferl.org/a/five-takeaways-moscow-elections-russia/30155264.html">technological complications</a> <a href="https://meduza.io/en/feature/2019/09/09/moscow-s-election-results">barred some people from voting</a>, which led at least one losing candidate to object that he would have won if everything had worked properly. That’s the sort of problem that is most worrying for people who hope using mathematical principles and computerized encryption will help the public have trust in election outcomes.</p>
<h2>Key challenges unsolved</h2>
<p>There are several obstacles in the way of blockchain ever becoming useful for large-scale, legally binding voting. </p>
<p>One is that most people have little understanding of how blockchain systems work. Another, equally vital, is that <a href="https://arstechnica.com/tech-policy/2018/11/blockchain-based-elections-would-be-a-disaster-for-democracy/">even experts don’t have a way to identify every possible irregularity</a> in online voting. Voting on paper, by contrast, is well studied and <a href="https://theconversation.com/paper-trails-and-random-audits-could-secure-all-elections-dont-save-them-just-for-recounts-in-close-races-94243">easily verified and audited</a>.</p>
<p>One crucial aspect of a blockchain voting system is the method by which the computer system verifies voters’ identities. When a verified voter establishes an account on the system, that process creates a digital key that identifies them securely when casting a ballot. A more complex key is harder to hack, but also <a href="https://www.owasp.org/index.php/Guide_to_Cryptography">takes more computing resources</a> to verify. It will be important to find a way to protect the integrity of the voting process, without exhausting government budgets buying advanced computing power. The computational power required may make blockchain systems inefficient for voting on a nationwide scale – or even statewide, in populous states like California and Texas.</p>
<p>The Moscow election system, for instance, <a href="https://www.zdnet.com/article/moscows-blockchain-voting-system-cracked-a-month-before-election/">initially assigned keys that were too easily hacked</a>. That opened the possibility of <a href="https://www.mobilepaymentstoday.com/news/french-researcher-cracks-moscows-blockchain-voting-system-2/">voter impersonation</a>, which is bad enough. But that weakness also violated the principle of a secret ballot by <a href="https://www.coindesk.com/moscow-blockchain-voting-system-completely-insecure-says-researcher">letting outsiders know how each person voted</a>.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/297208/original/file-20191015-98648-10qicrs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/297208/original/file-20191015-98648-10qicrs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/297208/original/file-20191015-98648-10qicrs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=380&fit=crop&dpr=1 600w, https://images.theconversation.com/files/297208/original/file-20191015-98648-10qicrs.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=380&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/297208/original/file-20191015-98648-10qicrs.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=380&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/297208/original/file-20191015-98648-10qicrs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=478&fit=crop&dpr=1 754w, https://images.theconversation.com/files/297208/original/file-20191015-98648-10qicrs.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=478&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/297208/original/file-20191015-98648-10qicrs.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=478&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Voting on paper is still the gold standard for security and integrity of elections.</span>
<span class="attribution"><a class="source" href="http://www.apimages.com/metadata/Index/America-Votes-2018/9611b9348f394a639b924478f92bb822/125/0">AP Photo/Charlie Neibergall</a></span>
</figcaption>
</figure>
<h2>Outside the blockchain itself</h2>
<p>Other problems with digital voting systems are separate from the underlying technologies. In some cases, government-issued IDs used to verify voters’ identities are many years old. </p>
<p>Even when dealing with current images, facial recognition systems, <a href="https://www.wired.com/story/smartphone-voting-is-happening-west-virginia/">including the one used by Voatz</a>, have <a href="https://www.computerworld.com/article/3430697/why-blockchain-could-be-a-threat-to-democracy.html">high error rates</a>, especially for <a href="https://statescoop.com/west-virginia-denver-mobile-voting-app-voatz-increased-turnout/">non-white voters</a>. In addition, hackers may try to <a href="https://www.wired.com/story/smartphone-voting-is-happening-west-virginia/">trick the system</a>. </p>
<p>The phone or computer a voter uses to cast a ballot <a href="https://www.cnet.com/news/blockchain-isnt-answer-to-voting-system-woes/">may not be secure</a>, <a href="https://www.wired.com/story/smartphone-voting-is-happening-west-virginia/">either</a> – and it’s not safe to assume that the computer networks they communicate over, and the servers the data is stored on, <a href="https://slate.com/technology/2019/07/west-virginia-blockchain-voting-voatz.html">are safe from manipulation</a> or even random errors.</p>
<h2>Trust, but verify</h2>
<p>Proprietary voting apps like Voatz <a href="https://www.newyorker.com/tech/annals-of-technology/the-campaign-for-mobile-phone-voting-is-getting-a-midterm-test">offer the public no way to know</a> <a href="https://www.longhash.com/news/west-virginia-will-use-blockchain-voting-in-the-2020-presidential-election-why">whether voters’ choices</a> are <a href="https://fortune.com/2019/03/23/blockchain-vote-election-denver-west-virginia-voatz/">accurately recorded</a>, nor whether these apps <a href="https://www.technologyreview.com/s/611850/why-security-experts-hate-that-blockchain-voting-will-be-used-in-the-midterm-elections/">truthfully deliver their ballots’ encrypted copy to be counted by election officials</a>. </p>
<p>Voatz has claimed that its system <a href="https://cse.sc.edu/%7Ebuell/blockchain-papers/documents/WhatWeDontKnowAbouttheVoatz_Blockchain_.pdf">has been audited by third parties</a>, but has made <a href="https://voatz.com/faq.html#audit">few details of that process or its findings</a> available to the public. West Virginia officials who hired Voatz have also <a href="https://www.computerworld.com/article/3430697/why-blockchain-could-be-a-threat-to-democracy.html">refused to reveal information</a> about <a href="https://slate.com/technology/2019/07/west-virginia-blockchain-voting-voatz.html">how its security was evaluated</a>.</p>
<p>The company has said it <a href="https://cse.sc.edu/%7Ebuell/blockchain-papers/documents/WhatWeDontKnowAbouttheVoatz_Blockchain_.pdf">would not release that information</a> because it had a <a href="https://slate.com/technology/2019/07/west-virginia-blockchain-voting-voatz.html">nondisclosure agreement</a> with the auditors, and <a href="https://slate.com/technology/2019/07/west-virginia-blockchain-voting-voatz.html">for fear its proprietary system design might be discovered</a> by competitors.</p>
<p>It’s possible that blockchain-based voting could boost voter participation rates, but there’s no evidence yet that it is better at preventing election fraud. With plenty of potential trouble spots outside the system itself, and little public transparency within it, I have to conclude that blockchain voting is not yet safe or ready for service.</p><img src="https://counter.theconversation.com/content/122521/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Nir Kshetri does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Blockchain technology can address some weaknesses in voting systems, but not all of them – and it opens new potential vulnerabilities, too.Nir Kshetri, Professor of Management, University of North Carolina – GreensboroLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1187062019-07-12T09:35:51Z2019-07-12T09:35:51ZFour ways blockchain could make the internet safer, fairer and more creative<figure><img src="https://images.theconversation.com/files/283726/original/file-20190711-173351-bhc1jk.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C8124%2C4986&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-illustration/blockchain-technology-information-blocks-cyberspace-decentralized-1134313550?src=Ygq-b0Vg6VDFi07rDI8GDA-1-55&studio=1">Yurchanka Siarhei/Shutterstock</a></span></figcaption></figure><p>The internet is unique in that it has no central control, administration or authority. It has given everyone with access to it a platform to express their views and exchange ideas with others instantaneously. But in recent years, internet services such as search engines and social media platforms have increasingly been provided by a small number of very large tech firms. </p>
<p>On the face of it, companies such as Google and Facebook claim to provide a free service to all their users. But in practice, they harvest huge amounts of personal data and sell it on to others for profit. They’re able to do this every time you log into social media, ask a question on a search engine or store files on a cloud service. The internet is slowly turning into something like the current financial system, which centrally monitors all transactions and uses that data to predict what people will buy in future.</p>
<p>This type of monitoring has huge implications for the privacy of ordinary people around the world. The digital currency <a href="https://bitcoin.org/bitcoin.pdf">Bitcoin</a>, which surfaced on the internet in 2008, sought to break the influence that large, private bodies have over what we do online. The researchers had finally solved one of the biggest concerns with digital currencies – that they need central control by the companies that operate them, in the same way traditional currencies are controlled by a bank. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/283763/original/file-20190711-173351-1646hx0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/283763/original/file-20190711-173351-1646hx0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=600&fit=crop&dpr=1 600w, https://images.theconversation.com/files/283763/original/file-20190711-173351-1646hx0.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=600&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/283763/original/file-20190711-173351-1646hx0.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=600&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/283763/original/file-20190711-173351-1646hx0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=754&fit=crop&dpr=1 754w, https://images.theconversation.com/files/283763/original/file-20190711-173351-1646hx0.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=754&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/283763/original/file-20190711-173351-1646hx0.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=754&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Bitcoin was the first application of a blockchain, but the technology shouldn’t stop there.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-vector/bitcoin-physical-bit-coin-digital-currency-674460637?src=l37Sdn0-y_jQyrBkOhfGvA-1-2&studio=1">AnnaGarmatiy/Shutterstock</a></span>
</figcaption>
</figure>
<p>The core idea behind the Bitcoin system is to make all the participants in the system, collectively, the bank. To do this, blockchains are used. Blockchains are distributed, tamper-proof ledgers, which can record every transaction made within a network. The ledger is distributed in the sense that a synchronised copy of the blockchain is maintained by each of the participants in the network, and tamper-proof in the sense that each of the transactions in the ledger is locked into place using a strong encrypting technique called hashing.</p>
<p>More than a decade since this technology emerged, we’re still only beginning to scratch the surface of its potential. People researching it may have overlooked one of its most useful applications – making the internet better for everyone who uses it.</p>
<h2>Help stamp out hate</h2>
<p>In order to use services on the internet such as social media, email and cloud data storage, people need to authenticate themselves to the service provider. The way to do this at the moment is to come up with a username and password and register an account with the provider. But at the moment, there’s no way to verify the user’s identity. Anyone can create an account on platforms like Facebook and use it to spread fake news and hatred, without fear of ever being identified and caught.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/now-theres-a-game-you-can-play-to-vaccinate-yourself-against-fake-news-92074">Now there's a game you can play to 'vaccinate' yourself against fake news</a>
</strong>
</em>
</p>
<hr>
<p>Our idea is to issue each citizen with a digital certificate by first verifying their identity. An organisation like your workplace, university or school knows your identity and is in a position to issue you with a certificate. If other organisations do the same for their members, we could put these certificates on a publicly accessible blockchain and create a <a href="https://www.researchgate.net/publication/317428254_X509Cloud_-_Framework_for_a_ubiquitous_PKI">global protected record</a> of every internet user’s identity.</p>
<p>Since there’d be a means for identifying users with their digital certificate, social media accounts could be linked to real people. A school could create social media groups which could only be accessed if a student had a certificate issued to them by the school, preventing the group being infiltrated by outsiders.</p>
<h2>Never forget a password again</h2>
<p>A user could ask for a one-time password (OTP) for Facebook by clicking an icon on their mobile phone. Facebook would then look up the user’s digital certificate on the blockchain and return an OPT to their phone. The OTP will be encrypted so that it cannot be seen by anyone else apart from the intended recipient. The user would then login to the service using their username and the OTP, thereby eliminating the need to remember passwords. The OTP changes with each login and is delivered encrypted to your phone, so it’s much more difficult to guess or steal a password.</p>
<h2>Vote with your phone</h2>
<p>People are often too busy or reluctant to go to a polling station on voting days. An <a href="https://www.researchgate.net/publication/321803764_THE_FUTURE_OF_E-VOTING">internet voting system</a> could change that. Digital currencies like Zerocash are fully anonymous and can be traced on the blockchain, giving it the basic ingredients for a voting system. Anyone can examine the blockchain and confirm that a particular token has been transferred between two parties without revealing their identities.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/283761/original/file-20190711-173325-14k8q3o.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/283761/original/file-20190711-173325-14k8q3o.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/283761/original/file-20190711-173325-14k8q3o.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/283761/original/file-20190711-173325-14k8q3o.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/283761/original/file-20190711-173325-14k8q3o.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/283761/original/file-20190711-173325-14k8q3o.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/283761/original/file-20190711-173325-14k8q3o.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Blockchain could ensure more people are able to vote.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-vector/flat-isometric-vector-concept-voting-online-1128828170?src=JXxu_LOjRcbkVuds2w7N9Q-1-0&studio=1">TarikVision/Shutterstock</a></span>
</figcaption>
</figure>
<p>Each candidate could be given a digital wallet and each eligible voter given a token. Voters cast their token into the wallet of their preferred candidate using their mobile phone. If the total number of tokens in the wallets is less than or equal to the number issued, then you have a valid poll and the candidate with the most tokens is declared the winner. </p>
<h2>No more tech companies selling your data</h2>
<p>People use search engines everyday, but this allows companies like Google to gather trends, create profiles and sell this valuable information to marketing companies. If internet users were to use a digital currency to make a micropayment – perhaps one-hundredth of a cent – for each search query that they perform, there would be less incentive for a search company to sell their personal data. Even if someone performed a hundred search queries per day they would end up paying only one cent – a small price to pay for one’s privacy.</p>
<p>Blockchain technology started as a means for making online transactions anonymous, but it would be shame for it to stop there. The more researchers like me think about its potential, the more exciting possibilities emerge.</p><img src="https://counter.theconversation.com/content/118706/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Hitesh Tewari receives funding from Science Foundation Ireland (SFI) and Enterprise Ireland (EI). </span></em></p>More than ten years since blockchains were developed, their usefulness is only just being discovered.Hitesh Tewari, Assistant Professor in the School of Computer Science and Statistics, Trinity College DublinLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1158792019-04-30T10:43:50Z2019-04-30T10:43:50ZHow the world’s largest democracy casts its ballots<p><a href="https://www.latimes.com/world/la-fg-india-election-explainer-20190401-story.html">About 600 million Indian citizens</a> are expected to cast their votes over <a href="https://eci.gov.in/general-election/general-elections-2019/">a period of 39 days</a> ending May 19, in the ongoing election for their country’s parliament. There are <a href="https://www.cnn.com/2019/02/16/asia/india-election-numbers-intl/index.html">roughly 900 million eligible voters</a>, and the country has typically seen <a href="https://www.bloomberg.com/news/articles/2019-04-23/biggest-round-of-voting-to-see-bjp-chief-make-debut-india-votes">about two-thirds</a> of them turn out to polling places. </p>
<p>I have been working on the security of electronic voting systems for more than 15 years, and, along with other colleagues, have been interested in understanding how a nation can tally that many votes cast over such a long period. India uses a <a href="https://eci.gov.in/files/file/8756-status-paper-on-evm-edition-3">domestically designed and manufactured electronic voting machine</a> – as many as <a href="https://www.nytimes.com/aponline/2019/04/13/world/asia/ap-as-india-remote-voting.html">4 million of them</a> at <a href="https://www.aljazeera.com/indepth/interactive/2019/04/indian-elections-190410185739389.html">1 million polling places</a>, at least some in <a href="https://www.washingtonpost.com/world/asia_pacific/election-workers-in-india-traveled-300-miles-over-4-days-to-set-up-a-polling-booth--for-one-voter/2019/04/17/44b4eb46-5bb1-11e9-98d4-844088d135f2_story.html">extremely</a> <a href="https://www.nytimes.com/reuters/2019/04/23/world/asia/23reuters-india-election-lone-voter.html">remote</a> locations. </p>
<figure class="align-right zoomable">
<a href="https://images.theconversation.com/files/271220/original/file-20190426-194637-a2b27o.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/271220/original/file-20190426-194637-a2b27o.png?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/271220/original/file-20190426-194637-a2b27o.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=687&fit=crop&dpr=1 600w, https://images.theconversation.com/files/271220/original/file-20190426-194637-a2b27o.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=687&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/271220/original/file-20190426-194637-a2b27o.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=687&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/271220/original/file-20190426-194637-a2b27o.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=863&fit=crop&dpr=1 754w, https://images.theconversation.com/files/271220/original/file-20190426-194637-a2b27o.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=863&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/271220/original/file-20190426-194637-a2b27o.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=863&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Different areas of India vote on seven different days, over the course of a 39-day election period.</span>
<span class="attribution"><a class="source" href="https://commons.wikimedia.org/wiki/File:2019_Lok_Sabha_Election_Schedule.svg">Furfur, translated by RaviC/Wikimedia Commons</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span>
</figcaption>
</figure>
<p>The first version of the Indian electronic voting machine debuted in the <a href="https://eci.gov.in/faqs/evm/general-qa/electronic-voting-machine-r2/">state election in Kerala</a> in 1982. Now they’re used in elections throughout the country, which happen on different days in different areas.</p>
<h2>How does it work?</h2>
<p>When a voter arrives at the polling place, she presents a <a href="https://eci.gov.in/files/file/9367-photo-voter-slips-not-to-be-valid-as-stand-alone-identification-document-for-voting/">photo ID</a> and the poll officer checks that she is on the electoral roll. When it’s her turn to vote, a polling official uses an electronic voting machine’s control unit to unlock its balloting unit, ready to accept her vote.</p>
<p>The balloting unit has a very simple user interface: a series of buttons with candidate names and symbols. To vote, the voter simply presses the button next to the candidate of her choice.</p>
<p>After each button press, a printer <a href="https://timesofindia.indiatimes.com/india/what-is-vvpat/articleshow/68683682.cms">prints out the voter’s choice on paper</a> and displays it to the voter for a few seconds, so the person may verify that the vote was recorded correctly. Then the paper is dropped into a locked storage box.</p>
<p><a href="https://eci.gov.in/faqs/evm/general-qa/electronic-voting-machine-r2/">The whole system</a> runs on a battery, so it does not need to be plugged in.</p>
<p>When it’s time for the polling place to close at the end of the voting day, each electronic voting machine device and paper-record storage box is sealed with wax and tape bearing the signatures of representatives of the various candidates in that election, and stored under armed guard.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/270504/original/file-20190423-175510-1kusqa0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/270504/original/file-20190423-175510-1kusqa0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/270504/original/file-20190423-175510-1kusqa0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=412&fit=crop&dpr=1 600w, https://images.theconversation.com/files/270504/original/file-20190423-175510-1kusqa0.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=412&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/270504/original/file-20190423-175510-1kusqa0.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=412&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/270504/original/file-20190423-175510-1kusqa0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=518&fit=crop&dpr=1 754w, https://images.theconversation.com/files/270504/original/file-20190423-175510-1kusqa0.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=518&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/270504/original/file-20190423-175510-1kusqa0.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=518&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">A woman tests an electronic voting machine in India in advance of that country’s national elections.</span>
<span class="attribution"><a class="source" href="http://www.apimages.com/metadata/Index/India-Elections/dd6866c05c9948b596536dc91d5a99db/4/0">AP Photo/Manish Swarup</a></span>
</figcaption>
</figure>
<p>After the election period is over and it’s time to tally the votes, the electronic voting machines are brought out, the seals opened and the vote counts for each control unit are read out from its display board. Election workers hand-tally these individual machine totals to obtain the election results for each constituency.</p>
<h2>Security protections – and concerns</h2>
<p>The Indian electronic voting machine primarily runs on specialized hardware and firmware, unlike the voting machines used in the U.S., which are software-intensive. It is intended for the single purpose of voting and specially designed for that, rather than relying on a <a href="https://theconversation.com/aging-voting-machines-threaten-election-integrity-54523">standard operating system like Windows</a>, which needs to be regularly updated to patch detected security vulnerabilities.</p>
<p>Each machine requires only a connection between a balloting unit and a control unit; there are no provisions to connect an electronic voting machine to a computer network, much less the internet – including wirelessly.</p>
<p>This design does offer some protections against possible tampering with how votes are recorded and tallied. The Election Commission of India has repeatedly claimed that the <a href="https://timesofindia.indiatimes.com/city/lucknow/evms-tamper-proof-machines-used-for-local-body-polls-not-our-responsibility-eci/articleshow/58092072.cms">electronic voting machines are tamper-proof</a>. However, <a href="https://doi.org/10.1145/1866307.1866309">a scholarly study has demonstrated</a> there are ways to rig the machines. In particular, the simplicity of the design allows for simple attacks, such as <a href="http://amaldev.blog/hacking-indian-evms/">intercepting and modifying the signal</a> carried over the machine’s cable.</p>
<p>The Election Commission has <a href="https://www.bbc.com/news/world-asia-india-46987319">not made public any independent security evaluations</a>, so it’s unclear exactly what is – or isn’t – possible. Parties that <a href="https://scroll.in/article/832003/the-great-evm-debate-convincing-the-losers-that-they-lost">lose elections</a> often <a href="https://www.outlookindia.com/website/story/election-integrity/266878">suspect malfeasance</a> and <a href="https://www.deccanherald.com/national/national-politics/first-evm-experiment-fiasco-led-to-ban-in-india-728958.html">question the equipment</a>.</p>
<h2>Manufacturing the machines</h2>
<p>As <a href="https://scroll.in/article/834553/hacking-evms-the-ec-has-issued-a-challenge-it-must-first-accept-the-challenge-it-faces">I and others have observed</a>, when the machines are being made, there are a number of opportunities for someone to physically tamper with an electronic voting machine in ways that preelection device testing might not detect. The machines’ software is designed, written and tested at <a href="https://eci.gov.in/files/file/8756-status-paper-on-evm-edition-3/">two electronics companies owned by the government of India</a>: Bharat Electronics Limited and Electronics Corporation of India Limited. The chips for the machines are manufactured outside India. In earlier versions of the machine, the chip manufacturer also wrote the machine code into the chip; today the electronics companies do it themselves.</p>
<p>At any time during manufacture, testing and maintenance, it may be possible to <a href="https://www.thehindu.com/news/national/interview-with-george-washington-university-professor-poorvi-vora-on-evm-security/article18451662.ece">introduce counterfeit chips</a> or swap out other components that could let hackers alter the results.</p>
<p>The Election Commission of India argues that any manipulation or error would be detected because the electronic voting machine is tested frequently and candidate representatives have opportunities to <a href="https://economictimes.indiatimes.com/news/politics-and-nation/how-safe-is-an-evm-election-commissions-10-step-process-to-secure-voting-machines/articleshow/58611014.cms">participate in mock elections</a> immediately before a machine is used in a real election. However, it is possible to make changes that will not be detected. Testing can reveal only some problems, and the absence of problems during testing does not mean that problems do not exist.</p>
<h2>Auditing the machines’ results</h2>
<p>There is, however, a mechanism for detecting attacks – that printed-out paper bearing the vote and stored securely with the electronic equipment. A <a href="https://www.indiatoday.in/india/north/story/supreme-court-asks-election-commission-to-introduce-paper-trail-in-evms-213615-2013-10-08">2013 Supreme Court directive</a> asked the Election Commission to create that process to <a href="https://theconversation.com/paper-trails-and-random-audits-could-secure-all-elections-dont-save-them-just-for-recounts-in-close-races-94243">protect the integrity of the balloting</a> process. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/270524/original/file-20190423-175524-1iowuif.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/270524/original/file-20190423-175524-1iowuif.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/270524/original/file-20190423-175524-1iowuif.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/270524/original/file-20190423-175524-1iowuif.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/270524/original/file-20190423-175524-1iowuif.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/270524/original/file-20190423-175524-1iowuif.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/270524/original/file-20190423-175524-1iowuif.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/270524/original/file-20190423-175524-1iowuif.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">An Indian election official displays a sample paper record of an electronic ballot during a demonstration of how the equipment works.</span>
<span class="attribution"><a class="source" href="http://www.apimages.com/metadata/Index/India-Elections/afda1b6a8547489a946a6d63242a2955/26/0">AP Photo/Manish Swarup</a></span>
</figcaption>
</figure>
<p><a href="https://www.indiatoday.in/elections/lok-sabha-2019/story/supreme-court-election-commission-increase-vvpat-verification-evm-1496819-2019-04-08">In each constituency, five electronic voting machines</a> will have their results audited by comparing a manual count of the printouts with the electronic tallies. (This means about 1% or 2% of each constituency’s machines will be tested.) Opposition parties have asked the Supreme Court to order <a href="https://indianexpress.com/elections/opposition-comes-together-on-vvpat-says-will-go-to-supreme-court-again-5675583/">audits of half of all electronic voting machines</a>, but that may not happen with this year’s election.</p>
<p>While the electronic voting machine system is useful and functional, officials and observers shouldn’t assume there’s no way to tamper with the results. The Election Commission should certainly continue to improve testing and provide public reports of independent testing. However, because no technology can be tamper-proof, each election outcome should be <a href="https://arxiv.org/abs/1901.03108">verified by a manual audit</a>, to ensure that the results are correct, whatever they may be.</p><img src="https://counter.theconversation.com/content/115879/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Poorvi Vora receives funding from the National Science Foundation and has received funding from the Maryland Procurement Office in the past. She is affiliated with Verified Voting and the Election Verification Network. </span></em></p>Explaining the equipment and the process by which hundreds of millions of ballots are collected and counted in India.Poorvi Vora, Professor of Computer Science, George Washington UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1092222019-03-28T10:39:46Z2019-03-28T10:39:46ZAttacks against elections are inevitable – Estonia shows what can be done<figure><img src="https://images.theconversation.com/files/262480/original/file-20190306-100784-kt0a86.jpg?ixlib=rb-1.1.0&rect=395%2C38%2C3928%2C2871&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">The March 3, 2019, elections in Estonia were well-defended against anti-democracy influences.</span> <span class="attribution"><a class="source" href="http://www.apimages.com/metadata/Index/Estonia-Election/f4fdedf50d734c688b0702fbaaad65e9/11/0">AP Photo/Raul Mee</a></span></figcaption></figure><p>Kremlin-backed attackers are <a href="https://www.zdnet.com/article/cyber-espionage-warning-russian-hacking-groups-step-up-attacks-ahead-of-european-elections/">working to influence the upcoming</a> <a href="http://www.europarl.europa.eu/at-your-service/en/be-heard/elections">European Parliament elections</a>, according to <a href="https://www.cnbc.com/2019/03/21/russian-hackers-target-european-governments-ahead-of-election-fireeye.html">cybersecurity firm FireEye</a>. A hacking campaign has <a href="https://www.zdnet.com/article/cyber-espionage-warning-russian-hacking-groups-step-up-attacks-ahead-of-european-elections/">targeted governments and political organizations</a> as well as <a href="https://www.reuters.com/article/us-microsoft-cyber-europe/microsoft-says-discovers-hacking-targeting-democratic-institutions-in-europe-idUSKCN1Q90GF">think tanks and nonprofits</a>, including prominent ones such as the <a href="https://blogs.microsoft.com/eupolicy/2019/02/20/accountguard-expands-to-europe">German Council on Foreign Relations, the Aspen Institute and the German Marshall Fund</a>, as Microsoft has reported.</p>
<p>These new reports highlight <a href="https://news.sky.com/story/eu-prepares-for-major-international-cyber-attacks-ahead-of-elections-11669438">rising fears</a> of <a href="https://www.washingtonpost.com/world/national-security/us-cyber-command-operation-disrupted-internet-access-of-russian-troll-factory-on-day-of-2018-midterms/2019/02/26/1827fc9e-36d6-11e9-af5b-b51b7ff322e9_story.html">digital attacks on democracy</a> around the world, including on the U.S. presidential elections in 2020.</p>
<p>Potential targets include election technology such as voter lists, computers that tally the votes and websites that report results to the public. But the threats go farther, to cyber campaigns against institutions supporting democratic processes like political parties, think tanks and the media, as well as information warfare targeting <a href="https://theconversation.com/how-the-russian-government-used-disinformation-and-cyber-warfare-in-2016-election-an-ethical-hacker-explains-99989">public opinion</a>.</p>
<h2>Old problem of election interference</h2>
<p>Russian interference in the West is <a href="https://www.pbs.org/newshour/show/the-long-history-of-russian-disinformation-targeting-the-u-s">not new</a>. The experiences of Estonia – the <a href="https://www.europeaninstitute.org/index.php/component/content/article?id=67:cyber-war-i-estonia-attacked-from-russia">first country ever victim</a> to a clearly coordinated and politically motivated cyber operation – can inform American and European defenses to these complex threats.</p>
<p>Together with its neighbors Latvia and Lithuania, Estonia has won international recognition for the <a href="https://theconversation.com/countering-russian-disinformation-the-baltic-nations-way-109366">effectiveness of its defenses</a> against politically motivated hacking and disinformation, which combine government, industry and public efforts. In the parliamentary elections of March 3, 2019, Estonians showcased the <a href="https://www.euractiv.com/section/elections/opinion/what-estonias-record-number-of-i-voters-teaches-us-about-election-trust">confidence they have in their country’s digital security</a>. </p>
<p>Three days before Election Day, close to 40 percent of those eligible had already cast their vote. <a href="https://www.valimised.ee/en/news/393-voted-during-advance-poll-ended-today">Most of those early voters</a> did so online, and <a href="https://www.valimised.ee/et/valimiste-arhiiv/elektroonilise-h%C3%A4%C3%A4letamise-statistika">44 percent of the total votes</a> were cast over the internet.</p>
<p><iframe id="8AVRn" class="tc-infographic-datawrapper" src="https://datawrapper.dwcdn.net/8AVRn/1/" height="400px" width="100%" style="border: none" frameborder="0"></iframe></p>
<h2>Preparing to defend</h2>
<p>This recent Estonian election was largely unaffected by cyberattacks or coordinated information operations. Some of the reason is likely because the country and its people have improved their understanding of the problems, and their defenses against it, over the past couple of decades. </p>
<p>Back in 2007, the relocation of a Soviet-era memorial in the Estonian capital Tallinn resulted in public protests and <a href="https://ccdcoe.org/uploads/2018/10/legalconsiderations_0.pdf">several waves of coordinated distributed denial of service</a> attacks. These did not steal citizens’ data, but they did <a href="https://www.wired.com/2007/08/ff-estonia/">shut down many digital services</a> for a number of hours on each of several days. This highlighted both the public’s increasing reliance on digital technology and the weaknesses of online systems.</p>
<p>The digital systems that Estonian governments and businesses have developed in the years since 2007 are strong, secure and trusted by users – who welcome further digitization of their lives because it is convenient and safe. Electronic banking systems, <a href="https://www.haigekassa.ee/en/people/digital-prescription/faq-digital-prescription">digital medication prescriptions</a>, <a href="https://www.kyivpost.com/technology/estonia-ditches-paper-model-e-governance-services-infographic.html">e-schools</a> and thousands of other online services rely heavily on <a href="https://www.id.ee/?lang=en&id=">government-backed secure digital identity</a>, a <a href="https://www.siseministeerium.ee/en/population-register">digital population registry</a> and a <a href="https://www.ria.ee/en/state-information-system/x-tee.html">robust data exchange layer</a> between databases and services.</p>
<p>These systems also facilitate the digital elements of <a href="https://www.valimised.ee/en">elections</a>, <a href="https://www.valimised.ee/en/internet-voting/internet-voting-estonia">including internet voting</a>. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/265973/original/file-20190326-36267-kwan51.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/265973/original/file-20190326-36267-kwan51.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/265973/original/file-20190326-36267-kwan51.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/265973/original/file-20190326-36267-kwan51.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/265973/original/file-20190326-36267-kwan51.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/265973/original/file-20190326-36267-kwan51.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=502&fit=crop&dpr=1 754w, https://images.theconversation.com/files/265973/original/file-20190326-36267-kwan51.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=502&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/265973/original/file-20190326-36267-kwan51.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=502&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Election security experts from around the world examine, in public, the computer used to tally the online votes from Estonia’s parliamentary elections in March 2019.</span>
<span class="attribution"><span class="source">Erik Peinar/Estonia State Electoral Office</span></span>
</figcaption>
</figure>
<h2>Comprehensive cyber defenses</h2>
<p>A key lesson from Estonia is that with so many different threats, no single defense can protect every part of a democratic system and society. Rather, defenders must evaluate what attackers are likely to be after – and what’s at stake.</p>
<p>In 2017, two Estonian government agencies, the State Electoral Office and the Information System Authority – where one of us, Liisa Past, was chief research officer for cybersecurity – joined forces to comprehensively analyze the threats and risks to local elections. In addition to the technical risks, like failures in connections or flaws in software, the team paid close attention to issues in management as well as the <a href="https://www.hybridcoe.fi/hybrid-threats-what-are-we-talking-about">possibilities for information warfare</a>. </p>
<figure class="align-right zoomable">
<a href="https://images.theconversation.com/files/265691/original/file-20190325-36273-16s0bg7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/265691/original/file-20190325-36273-16s0bg7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/265691/original/file-20190325-36273-16s0bg7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=870&fit=crop&dpr=1 600w, https://images.theconversation.com/files/265691/original/file-20190325-36273-16s0bg7.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=870&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/265691/original/file-20190325-36273-16s0bg7.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=870&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/265691/original/file-20190325-36273-16s0bg7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=1094&fit=crop&dpr=1 754w, https://images.theconversation.com/files/265691/original/file-20190325-36273-16s0bg7.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=1094&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/265691/original/file-20190325-36273-16s0bg7.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=1094&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">A 64-page document assessed many of the online risks to Estonia’s cybersecurity.</span>
<span class="attribution"><a class="source" href="https://www.ria.ee/sites/default/files/content-editors/kuberturve/ria-csa-2018.pdf">Estonia Information System Authority</a></span>
</figcaption>
</figure>
<p>The Estonian government engaged in similar analyses in the lead-up to the 2019 elections. In addition, the agencies took a lesson <a href="https://www.nytimes.com/2017/05/06/world/europe/emmanuel-macron-hacking-attack-what-we-know-and-dont-know.html">from the French</a> and <a href="https://www.cnn.com/2016/12/26/us/2016-presidential-campaign-hacking-fast-facts/index.html">U.S. experience in 2016</a> and taught political parties and individual candidates how to protect themselves and their information online.</p>
<p>Similarly, <a href="https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf">governments across the European Union are sharing their best ideas</a> about designing trustworthy election systems. Logging and monitoring network access, for example, can help computer administrators quickly detect and respond to unauthorized activity.</p>
<h2>Understanding the double threat of information operations</h2>
<p>Estonia’s lessons may be useful elsewhere. In the past five years, Russian attacks have targeted both election-specific systems, like the Ukrainian <a href="https://phys.org/news/2014-10-hackers-ukraine-election-website.html">national election commission website</a> in 2014, and the <a href="https://www.hybridcoe.fi/wp-content/uploads/2018/10/Strategic-Analysis-2018-8-Past.pdf">larger public discussion</a> around the election and current political issues. </p>
<p>Online efforts seeking to <a href="https://theconversation.com/weaponized-information-seeks-a-new-target-in-cyberspace-users-minds-100069">manipulate people’s views</a> in the run-up to the 2016 <a href="https://www.telegraph.co.uk/technology/2018/10/17/russian-iranian-twitter-trolls-sent-10-million-tweets-fake-news/">Brexit vote</a>, as well as during presidential campaigns in the U.S. and <a href="https://firstmonday.org/article/view/8005/6516">France</a>, are quite similar to Cold War tactics known as “<a href="https://globalsecurityreview.com/cold-war-2-0-russian-information-warfare/">information operations</a>.” </p>
<p>The practitioners use 21st-century tools like <a href="https://www.nytimes.com/2015/06/07/magazine/the-agency.html">social media</a> and <a href="https://www.recode.net/2017/11/2/16598312/russia-twitter-trump-twitter-deactivated-handle-list">automation</a> to plant false stories and <a href="https://hub.jhu.edu/2018/08/24/russian-trolls-bots-spread-vaccine-misinformation/">exploit social divisions</a>. They don’t necessarily seek to break through network firewalls or compromise any secure government systems, but rather appear to unwitting online audiences as <a href="https://www.scientificamerican.com/article/how-twitter-bots-help-fuel-political-feuds/">authentic fellow contributors</a> in a free, open debate. </p>
<p><a href="https://www.sotrender.com/blog/2018/10/quick-guide-identifying-bots-and-trolls/">Bots’ characteristic behaviors</a> can give them away. Yet there are <a href="https://qz.com/1422395/how-many-of-donald-trumps-twitter-followers-are-fake/">so many of them</a> that they can crowd out human voices and undermine the democratic principle of <a href="https://www.theguardian.com/commentisfree/2018/dec/23/social-media-existential-threat-idea-democracy">real participation by actual people</a>. </p>
<h2>Defense in depth</h2>
<p>Elections’ legitimacy depends on more than just technical security. They must also be seen to be free of external influence. Governments should take comprehensive views of their security, and threats to it – accounting for elements as diverse as cyber defenses of essential systems and the effects of information warfare on voters. </p>
<p>It’s a worldwide problem, with Russia exerting influence not just in the U.S. and Estonia but <a href="https://theconversation.com/russian-influence-operations-extend-into-egypt-111167">also Egypt</a>, and <a href="https://theconversation.com/how-australia-can-help-the-us-make-democracy-harder-to-hack-102954">China attacking Australia</a>’s political system. </p>
<p>The response, therefore, has to include <a href="https://ec.europa.eu/digital-single-market/en/news/communication-tackling-online-disinformation-european-approach">open, healthy public debate and media literacy</a> as well as preventing, detecting and mitigating the effects of cyberattacks on the <a href="https://www.ria.ee/public/Cyber_security_of_Election_Technology.pdf">confidentiality, availability and integrity</a> at the very core of democratic systems.</p><img src="https://counter.theconversation.com/content/109222/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Liisa Past worked as a Chief Research Officer of the Estonian Information System Authority and in this capacity focused on cybersecurity of election technology, including being in charge of comprehensive risk assessment for the 2017 local elections and spearheading the effort behind EU Compendium On Cyber Security of Election Technology, She continues to work with the Estonian National Elections Office and the European Commission. In 2018/19 she is a Next Generation Leader at the McCain Institute at Arizona State University.</span></em></p><p class="fine-print"><em><span>Keith Brown does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>An Estonian cybersecurity leader explains how her country defends itself, its society and its elections from Russian interference.Liisa Past, Next Generation Leader, McCain Institute for International Leadership, Arizona State UniversityKeith Brown, Professor of Politics and Global Studies, Arizona State UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1048302018-10-18T10:34:12Z2018-10-18T10:34:12ZBlockchains won’t fix internet voting security – and could make it worse<figure><img src="https://images.theconversation.com/files/240662/original/file-20181015-165894-6jjdjj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">An e-ballot is less secure than one on paper.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/womans-hand-pressing-on-questionnaire-icon-1049383256">SvetaZi/Shutterstock.com</a></span></figcaption></figure><p>Looking to <a href="https://www.history.com/news/why-do-we-vote-on-a-tuesday-in-november">modernize voting practices</a>, speed <a href="https://www.vox.com/2014/10/9/6951251/map-voting-time-by-state">waiting times at the polls</a>, <a href="https://www.census.gov/newsroom/blogs/random-samplings/2017/05/voting_in_america.html">increase voter turnout</a> and generally <a href="https://civicyouth.org/why-youth-dont-vote-differences-by-race-and-education/">make voting more convenient</a>, many government officials – and some companies hawking voting systems – are looking to an emerging technology called a “blockchain.” That’s what’s behind a West Virginia program in which some <a href="https://sos.wv.gov/elections/Pages/MobileVote.aspx">voters serving abroad in the military</a> will be able to <a href="https://www.washingtonpost.com/technology/2018/08/10/west-virginia-pilots-mobile-blockchain-voting-app-overseas-voters-november-election/">cast their votes from their mobile devices</a>. Similar voting schemes have <a href="https://www.zdnet.com/article/japanese-city-trials-blockchain-to-replace-traditional-voting-booths/">been tried elsewhere</a> <a href="https://www.swissinfo.ch/eng/crypto-valley-_-switzerland-s-first-municipal-blockchain-vote-hailed-a-success/44230928">in various places</a> <a href="https://www.zdnet.com/article/why-ripples-from-this-estonian-blockchain-experiment-may-be-felt-around-the-world/">around the world</a>.</p>
<p>As researchers in the <a href="https://www.initc3.org/">Initiative for CryptoCurrencies and Contracts</a>, we believe in the <a href="https://theconversation.com/blockchains-focusing-on-bitcoin-misses-the-real-revolution-in-digital-trust-58125">transformative potential of blockchain systems</a> in a number of industries. Best known as the technology behind bitcoin and other cryptocurrencies, blockchains can do much more than allow anonymous strangers to send each other money without fear of fraud or tampering. They have created new ways for people to invest in technology ventures that have <a href="https://www.coindesk.com/ico-tracker/">attracted billions of dollars</a>, and may someday store records that make educational credentials, <a href="https://theconversation.com/blockchain-based-property-registries-may-help-lift-poor-people-out-of-poverty-98796">land ownership</a> and <a href="https://theconversation.com/how-safe-is-chicken-imported-from-china-5-questions-answered-80870">food origins</a> more transparent and harder to forge.</p>
<p>Blockchains might sound like an <a href="https://www.economist.com/leaders/2015/10/31/the-trust-machine">ideal remedy for the trust problems</a> caused by internet voting. Data can only be added to a blockchain – not deleted or changed – because multiple copies are stored on computers owned by different people or organizations and perhaps spread across different countries. Strict controls can be placed on a blockchain’s contents, preventing unauthorized data from being added. And blockchains are designed to be transparent – with their contents often readable by anyone’s computing device anywhere in the world.</p>
<p>Yet as <a href="https://scholar.google.com/citations?user=uf0D-uoAAAAJ&hl=en">scholars</a> <a href="https://scholar.google.com/citations?user=-cD_HsIAAAAJ&hl=en">who have</a> <a href="https://scholar.google.com/citations?user=1oUGY7cAAAAJ&hl=en">studied</a> traditional and blockchain-based voting, we believe that while blockchains may help with some specific issues, they can’t fix the basic problems with internet voting. In fact, they could make things worse.</p>
<h2>Computers can break, or be broken</h2>
<figure class="align-right zoomable">
<a href="https://images.theconversation.com/files/240663/original/file-20181015-165894-zrbshw.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/240663/original/file-20181015-165894-zrbshw.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/240663/original/file-20181015-165894-zrbshw.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=600&fit=crop&dpr=1 600w, https://images.theconversation.com/files/240663/original/file-20181015-165894-zrbshw.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=600&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/240663/original/file-20181015-165894-zrbshw.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=600&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/240663/original/file-20181015-165894-zrbshw.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=754&fit=crop&dpr=1 754w, https://images.theconversation.com/files/240663/original/file-20181015-165894-zrbshw.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=754&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/240663/original/file-20181015-165894-zrbshw.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=754&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">‘Best practices for internet voting are like best practices for drunk driving.’ -Ron Rivest.</span>
<span class="attribution"><a class="source" href="https://commons.wikimedia.org/wiki/File:Ronald_L_Rivest_photo.jpg">Ronald Rivest</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span>
</figcaption>
</figure>
<p>For years, experts on election security have warned that <a href="https://motherboard.vice.com/en_us/article/kb7py9/this-is-why-we-still-cant-vote-online">the internet is too dangerous</a> for such socially crucial and time-sensitive functions as voting. Renowned cryptographer Ronald Rivest, for instance, has remarked that “<a href="https://people.csail.mit.edu/rivest/pubs/Kan10.pdf">Best practices for internet voting</a> are like best practices for drunk driving” – there’s no safe way to do either one.</p>
<p>The stakes are enormous. Democracy requires <a href="https://theconversation.com/election-legitimacy-at-risk-even-without-a-november-cyberattack-64418">widespread public trust</a> – not just that a declared winner actually received the largest number of votes, but in the <a href="https://www.theatlantic.com/international/archive/2016/10/trump-election-rigged-democracy/504338/">integrity of the system</a> as a whole. People need to trust that the votes they cast are the ones that are counted, that their neighbors’ votes are totaled accurately and not the result of bribery or coercion and that local tallies are communicated safely to state election officials.</p>
<p>Even advanced computing devices today cannot provide such assurances. Most hardware and software are <a href="https://theconversation.com/what-are-software-vulnerabilities-and-why-are-there-so-many-of-them-77930">rife with hidden security flaws</a>, and are <a href="https://theconversation.com/the-petya-ransomware-attack-shows-how-many-people-still-dont-install-software-updates-77667">not regularly updated</a>. Devices are vulnerable, and so are networks. <a href="https://www.wired.com/2016/12/botnet-broke-internet-isnt-going-away/">Internet outages</a> – even caused by trivialities like <a href="https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/">gamers trying to get a leg up</a> on their competitors – could prevent people from voting. Intentional, targeted attacks against internet traffic could cause <a href="https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia">major disruptions to democratic institutions on a national scale</a>. </p>
<p>The stability and integrity of democratic society itself are too important to be relegated to flawed computer systems. </p>
<h2>Adversaries are looking for opportunities</h2>
<p>Hackers – backed by <a href="https://theconversation.com/tracing-the-sources-of-todays-russian-cyberthreat-81593">foreign governments</a> or not – are always looking for new targets and fresh ways to <a href="https://theconversation.com/how-the-russian-government-used-disinformation-and-cyber-warfare-in-2016-election-an-ethical-hacker-explains-99989">sow social discord</a>. They’ll find – and <a href="https://theconversation.com/weaponized-information-seeks-a-new-target-in-cyberspace-users-minds-100069">fully exploit</a> – any technical weaknesses available to them. Without a <a href="https://theconversation.com/paper-trails-and-random-audits-could-secure-all-elections-dont-save-them-just-for-recounts-in-close-races-94243">paper trail</a>, the <a href="https://theconversation.com/election-legitimacy-at-risk-even-without-a-november-cyberattack-64418">very possibility</a> that someone could have secretly changed votes will <a href="https://theconversation.com/how-vulnerable-to-hacking-is-the-us-election-cyber-infrastructure-63241">further erode public trust</a> in <a href="https://theconversation.com/using-randomness-to-protect-election-integrity-74139">democratic elections</a>.</p>
<p><a href="http://www.pewresearch.org/fact-tank/2016/11/08/on-election-day-most-voters-use-electronic-or-optical-scan-ballots/ft_16-11-07_votingtechnology/"><img width="640" height="600" src="http://www.pewresearch.org/wp-content/uploads/2016/11/FT_16.11.07_votingTechnology.png?w=640" class="attachment-large size-large" alt="" srcset="http://www.pewresearch.org/wp-content/uploads/2016/11/FT_16.11.07_votingTechnology.png 640w, http://www.pewresearch.org/wp-content/uploads/2016/11/FT_16.11.07_votingTechnology-300x281.png 300w, http://www.pewresearch.org/wp-content/uploads/2016/11/FT_16.11.07_votingTechnology-200x188.png 200w, http://www.pewresearch.org/wp-content/uploads/2016/11/FT_16.11.07_votingTechnology-260x244.png 260w, http://www.pewresearch.org/wp-content/uploads/2016/11/FT_16.11.07_votingTechnology-432x405.png 432w, http://www.pewresearch.org/wp-content/uploads/2016/11/FT_16.11.07_votingTechnology-50x47.png 50w, http://www.pewresearch.org/wp-content/uploads/2016/11/FT_16.11.07_votingTechnology-160x150.png 160w" sizes="(max-width: 640px) 100vw, 640px"></a></p>
<h2>Blockchains depend on computing devices</h2>
<p>A key method by which blockchain voting could worsen election integrity is by claiming to increase trustworthiness without actually doing so. </p>
<p>It’s easy to imagine a voting system in which only authorized voters could cast ballots, with those ballots indelibly recorded on a blockchain. The blockchain would act as a single authoritative election record that could not be erased or tampered with. For all intents and purposes, the record would be hack-proof.</p>
<p>However, tallying votes on a blockchain doesn’t magically make a voter’s phone or computer secure. A vote may be securely recorded, but that means nothing if the vote was cast incorrectly to begin with. If your phone is infected with malware that switches your vote from Candidate R to Candidate D, it doesn’t matter how secure the rest of the voting system is – the election has still been hacked. In some cases, blockchains may be able to <a href="https://courses.csail.mit.edu/6.857/2016/files/2.pdf">help voters detect that sort of tampering</a> – but only if the hack-detection software itself hasn’t been hacked.</p>
<p>In addition, some companies’ business practices undermine the potential to trust their blockchain systems. The <a href="https://voatz.com/">manufacturer of the system West Virginia will use</a> in November – like many companies manufacturing physical voting machines – is <a href="https://www.nytimes.com/2017/08/03/opinion/open-source-software-hacker-voting.html">refusing to embrace the transparency</a> that is central to the security industry, the blockchain community, and democracy itself. They are not providing public access to the cryptographic protocols at the heart of their systems, leaving the public instead to rely on the manufacturer’s promises of security. There’s no way for an independent auditor to be truly certain that the systems are free of subtle bugs or security flaws – or even massive holes that would be obvious to experts. </p>
<h2>Vote buying becomes newly possible</h2>
<p>Another way blockchain voting could worsen existing voting problems is by increasing the likelihood of vote buying. Sometimes a <a href="https://www.washingtonpost.com/politics/decision2012/selling-votes-is-common-type-of-election-fraud/2012/10/01/f8f5045a-071d-11e2-81ba-ffe35a7b6542_story.html">glass of beer</a> is all that’s needed to bribe a voter. Vote buying is happily rare in large-scale U.S. elections, in part because the secret ballot makes verifying a bought vote very difficult and because there are <a href="https://www.law.cornell.edu/uscode/text/18/597">serious criminal penalties</a>. </p>
<p>Internet voting could completely negate both of these protections. Putting votes on blockchains eliminates the secrecy of the voting booth. Encryption doesn’t help: Software can prove mathematically to a vote buyer that a voter’s device encrypted the name of a particular candidate. In addition, foreigners who might try to influence people’s votes are very <a href="https://www.nytimes.com/2018/07/13/us/politics/mueller-indictment-russian-intelligence-hacking.html">hard to prosecute</a>.</p>
<p>Some <a href="https://votem.com">voting companies contend</a> that their systems publicly identify voters only by random numerical identifiers, so they <a href="https://github.com/votem/proof-of-vote">aren’t subject to vote-buying or intimidation</a>. But in many of these systems, voting identities can be linked to accounts in cryptocurrency systems – where a voter could receive a bribe, <a href="https://www.investopedia.com/terms/s/stealth-address-cryptocurrency.asp">potentially without revealing</a> who was paid, how much or by whom. </p>
<p>Officials and companies who promote online voting are creating a false sense of security – and putting the integrity of the election process at risk. In seeking to use blockchains as a protective element, they may in fact be introducing new threats into the crucial mechanics of democracy.</p><img src="https://counter.theconversation.com/content/104830/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Ari Juels receives funding from the National Science Foundation, Army Research Lab, and the Initiative for CryptoCurrencies and Contracts (IC3), whose industry partners are listed at <a href="https://www.initc3.org/partners.html">https://www.initc3.org/partners.html</a>. He advises several blockchain-related companies, none of which is involved in voting. </span></em></p><p class="fine-print"><em><span>Ittay Eyal and Oded Naor do not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>The stability and integrity of democratic society are too important to be relegated to inherently flawed computer systems that are vulnerable to malfunctions and malicious attacks.Ari Juels, Professor of Computer Science, Jacobs Technion-Cornell Institute, Cornell Tech, and Co-Director, Initiative for CryptoCurrencies and Contracts (IC3), Cornell UniversityIttay Eyal, Associate Director, Initiative For Cryptocurrencies and Contracts (IC3); Assistant Prof. of Electrical Engineering, Technion - Israel Institute of TechnologyOded Naor, Member of the Initiative For Cryptocurrencies and Contracts (IC3); Visiting researcher at Cornell-Tech; Graduate student in Electrical Engineering, Technion - Israel Institute of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1017652018-09-06T10:45:30Z2018-09-06T10:45:30Z4 ways to defend democracy and protect every voter’s ballot<figure><img src="https://images.theconversation.com/files/233981/original/file-20180828-86123-bdmwev.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C4297%2C3047&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">How confident should voters be that their ballots will be counted accurately?</span> <span class="attribution"><a class="source" href="http://www.apimages.com/metadata/Index/Florida-Primary/0b1cdb68c2b5403fb0b1884673e55b55/12/0">AP Photo/Wilfredo Lee</a></span></figcaption></figure><p>As voters prepare to cast their ballots in the November midterm elections, it’s clear that <a href="https://www.technologyreview.com/s/611830/hackers-are-out-to-jeopardize-your-vote/">U.S. voting is under electronic attack</a>. <a href="https://theconversation.com/how-the-russian-government-used-disinformation-and-cyber-warfare-in-2016-election-an-ethical-hacker-explains-99989">Russian government hackers</a> probed some states’ computer systems in the runup to the 2016 presidential election and are <a href="https://theconversation.com/securing-americas-voting-systems-against-spying-and-meddling-6-essential-reads-99986">likely to do so again</a> – as might <a href="https://www.nytimes.com/2018/08/21/technology/facebook-political-influence-midterms.html">hackers from other countries</a> or nongovernmental groups interested in sowing discord in American politics.</p>
<p>Fortunately, there are <a href="http://homepage.divms.uiowa.edu/%7Ejones/voting/">ways to defend elections</a>. Some of them will be new in some places, but these defenses are not particularly difficult nor expensive, especially when judged against the value of public confidence in democracy. I served on the Iowa board that examines voting machines from 1995 to 2004 and on the <a href="https://www.eac.gov/about/technical-guidelines-development-committee/">Technical Guidelines Development Committee</a> of the <a href="https://www.eac.gov/">United States Election Assistance Commission</a> from 2009 to 2012, and <a href="https://www.theatlantic.com/magazine/archive/2017/12/guardian-of-the-vote/544155/">Barbara Simons</a> and I coauthored the 2012 book “<a href="https://www.press.uchicago.edu/ucp/books/book/distributed/B/bo13383590.html">Broken Ballots</a>.”</p>
<p>Election officials have an important role to play in protecting election integrity. Citizens, too, need to ensure their local voting processes are safe. There are two parts to any voting system: the computerized systems tracking voters’ registrations and the actual process of voting – from preparing ballots through results tallying and reporting.</p>
<h2>Attacking registrations</h2>
<p>Before the passage of the <a href="http://legislink.org/us/pl-107-252">Help America Vote Act of 2002</a>, voter registration in the U.S. was largely decentralized across 5,000 local jurisdictions, mostly county election offices. HAVA changed that, requiring states to have centralized online voter registration databases accessible to all election officials.</p>
<p>In 2016, <a href="https://www.justice.gov/opa/pr/grand-jury-indicts-12-russian-intelligence-officers-hacking-offenses-related-2016-election">Russian government agents</a> allegedly tried to access <a href="https://www.washingtonpost.com/news/the-fix/wp/2017/09/23/what-we-know-about-the-21-states-targeted-by-russian-hackers/">voter registration systems in 21 states</a>. Illinois officials have <a href="http://www.govtech.com/security/Hacked-Voter-Records-in-Illinois-Soar-to-Half-a-Million.html">identified their state</a> as the only one whose databases were, in fact, breached – with <a href="http://www.govtech.com/security/Hacked-Voter-Records-in-Illinois-Soar-to-Half-a-Million.html">information on 500,000 voters</a> viewed and potentially copied by the hackers. </p>
<p>It’s not clear that any information was corrupted, changed or deleted. But that would certainly be one way to interfere with an election: either changing voters’ addresses to assign them to other precincts or simply deleting people’s registrations.</p>
<p>Another way this information could be misused would be to fraudulently request absentee ballots for real voters. Something like that happened on May 29, 2013, when Juan Pablo Baggini, an overzealous campaign worker in Miami, <a href="https://www.nbcmiami.com/news/local/After-Raid-at-Home-of-Campaign-Worker-Mayoral-Candidate-Francis-Suarez-Says-No-Election-Laws-Were-Violated-211516981.html">used his computer to file online absentee ballot requests</a> on behalf of 20 local voters. He apparently thought he had their permission, but <a href="https://www.miamiherald.com/news/local/community/miami-dade/article1952450.html">county officials noticed the large number of requests</a> coming from the same computer in a short period of time. Baggini and another campaign worker were <a href="https://www.miamiherald.com/news/local/community/miami-dade/article1954359.html">charged with misdemeanors and sentenced to probation</a>.</p>
<p>A more sophisticated attack could use voters’ registration information to select targets based on how likely they are to vote a particular way and use common hacking tools to file electronic absentee ballot requests for them – appearing to come from a variety of computers over the course of several weeks. On Election Day, when those voters went to the polls, they’d be told they already had an absentee ballot and would be prevented from voting normally.</p>
<h2>Two defenses for voter registration</h2>
<p>There are two important defenses against these and other types of attacks on voter registration systems: provisional ballots and same-day registration.</p>
<p>When there are questions about whether a voter is entitled to vote at a particular polling place, federal law requires the person be issued a <a href="http://www.ncsl.org/research/elections-and-campaigns/provisional-ballots.aspx">provisional ballot</a>. The rules vary by state, and some places require provisional voters to bring proof of identity to the county election office before their ballots will be counted – which many voters may not have time to do. But the goal is that no voter should be turned away from the polls without at least a chance their vote will count. If questions arise about the validity of the registration database, provisional ballots offer a way to ensure every voter’s intent is recorded for counting when things get sorted out.</p>
<p>Same-day voter registration offers an even stronger defense. <a href="http://www.ncsl.org/research/elections-and-campaigns/same-day-registration.aspx">Fifteen states</a> allow people to register to vote right at the polling place and then cast a normal ballot. <a href="http://www.pewtrusts.org/%7E/media/legacy/uploadedfiles/pcs_assets/2009/uwisconsin1pdf.pdf">Research on same-day registration</a> has focused on turnout, but it also allows recovery from an attack on voter registration records.</p>
<p>Both approaches do require extra paperwork. If large numbers of voters are affected, that could cause long lines at polling places, which <a href="https://www.eac.gov/documents/2017/02/24/waiting-in-line-to-vote-white-paper-stewart-ansolabehere/">disenfranchise voters who cannot afford to wait</a>. And like provisional voting, same-day registration may have more stringent identification requirements than for people whose voter registrations are already on the books. Some voters may have to go home to get additional documents and hope to make it back before the polls close.</p>
<p>Further, long lines, frustrated voters and frazzled election workers can create the appearance of chaos – which can play into the narratives of those who want to discredit the system even when things are actually working reasonably well.</p>
<h2>Paper ballots are vital</h2>
<p>Election integrity experts agree that <a href="https://www.wired.com/story/defcon-election-threat-funding/">voting machines can be hacked</a>, even if the devices themselves are <a href="https://www.theregister.co.uk/2012/12/14/first_virus_elk_cloner_creator_interviewed/">not connected</a> <a href="https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/">to the internet</a>. </p>
<p>Voting machine manufacturers say their <a href="https://www.wsj.com/articles/tensions-flare-as-hackers-root-out-flaws-in-voting-machines-1534078801">devices have top-notch protections</a>, but the only truly safe assumption is that they have not yet found additional vulnerabilities. Properly defending voting integrity requires assuming a worst-case scenario, in which every computer involved – at election offices, vote-tallying software developers and machine makers – has been compromised.</p>
<p>The first line of defense is that in most of the U.S., <a href="http://www.pewresearch.org/fact-tank/2016/11/08/on-election-day-most-voters-use-electronic-or-optical-scan-ballots/">people vote on paper</a>. Hackers can’t alter a hand-marked paper ballot – though they could <a href="https://www.politico.com/magazine/story/2016/08/2016-elections-russia-hack-how-to-hack-an-election-in-seven-minutes-214144">change how a computerized vote scanner counts</a> it, or what <a href="https://www.pbs.org/newshour/nation/an-11-year-old-changed-election-results-on-a-replica-florida-state-website-in-under-10-minutes">preliminary results are reported on official websites</a>. In the event of a controversy, paper ballots can be recounted, by hand if needed. </p>
<p><a href="http://www.pewresearch.org/fact-tank/2016/11/08/on-election-day-most-voters-use-electronic-or-optical-scan-ballots/ft_16-11-07_votingtechnology/"><img width="640" height="600" src="http://assets.pewresearch.org/wp-content/uploads/sites/12/2016/11/07164119/FT_16.11.07_votingTechnology.png" class="attachment-large size-large" alt="" srcset="http://assets.pewresearch.org/wp-content/uploads/sites/12/2016/11/07164119/FT_16.11.07_votingTechnology.png 640w, http://assets.pewresearch.org/wp-content/uploads/sites/12/2016/11/07164119/FT_16.11.07_votingTechnology-300x281.png 300w, http://assets.pewresearch.org/wp-content/uploads/sites/12/2016/11/07164119/FT_16.11.07_votingTechnology-200x188.png 200w, http://assets.pewresearch.org/wp-content/uploads/sites/12/2016/11/07164119/FT_16.11.07_votingTechnology-260x244.png 260w, http://assets.pewresearch.org/wp-content/uploads/sites/12/2016/11/07164119/FT_16.11.07_votingTechnology-432x405.png 432w, http://assets.pewresearch.org/wp-content/uploads/sites/12/2016/11/07164119/FT_16.11.07_votingTechnology-50x47.png 50w, http://assets.pewresearch.org/wp-content/uploads/sites/12/2016/11/07164119/FT_16.11.07_votingTechnology-160x150.png 160w" sizes="(max-width: 640px) 100vw, 640px"></a></p>
<h2>Conduct post-election audits</h2>
<p>Without paper ballots, there is not a way to be completely sure voting system software hasn’t been hacked. With them, though, the process is clear.</p>
<p>In a growing number of states, paper ballots are subject to routine statistical audits. In California, post-election audits have been required <a href="https://www.eac.gov/assets/1/28/AUDIT%20PILOT%20FINAL%20REPORT%20TO%20EAC%20FINAL.pdf">since 1965</a>. Iowa allows <a href="https://www.legis.iowa.gov/docs/code/50.50.pdf">election officials who suspect irregularities</a> to initiate recounts even if the result appears decisive and no candidate asks for one; these are called <a href="https://www.eac.gov/assets/1/28/recounts.pdf">administrative recounts</a>. </p>
<p>Based on that experience, some election officials have told me that they suspect the current generation of scanners may be misinterpreting 1 vote in 100. That might seem like a small problem, but it’s really way too much opportunity for error. Voting simulations show that changing <a href="https://doi.org/10.1145/1022594.1022621">just one vote per voting machine</a> across the United States could be enough to allow an attacker to determine which party controls Congress.</p>
<p>Recounts are expensive and time-consuming, though, and can create illusions of disarray and chaos that reduce public confidence in the election’s outcome. A better method is called a <a href="https://doi.org/10.1109/MSP.2012.56">risk-limiting audit</a>. It’s a straightforward method of determining how many ballots should be randomly selected for auditing, based on the size of the election, the margin of the initial result and – crucially – the statistical confidence the public wants in the final outcome. There are even <a href="https://www.stat.berkeley.edu/%7Estark/Vote/auditTools.htm">free online tools</a> available to make the calculations needed.</p>
<p>Preliminary experiences with risk-limiting audits are <a href="https://www.eac.gov/assets/1/28/AUDIT%20PILOT%20FINAL%20REPORT%20TO%20EAC%20FINAL.pdf">quite promising</a>, but they could be made even more attractive by <a href="https://www.usenix.org/legacy/events/evt07/tech/full_papers/calandrino/calandrino_html/">small changes to ballot-sheet scanners</a>. The main problem is that the method is based in math and statistics, which many people don’t understand or trust. However, I believe relying on verifiable principles that any person could learn is far better than believing the assurances of companies that make voting equipment and software, or <a href="https://triblive.com/news/allegheny/11013043-74/machines-election-county">election officials who don’t understand</a> how <a href="https://www.fastcompany.com/40448876/how-hackers-are-teaching-election-officials-to-protect-their-voting-machines-learned-from-hackers-to-improve-security-for-future-elections">their machines</a> <a href="https://www.nytimes.com/2018/02/21/magazine/the-myth-of-the-hacker-proof-voting-machine.html">actually work</a>. </p>
<p>Elections must be as transparent and simple as possible. To paraphrase Dan Wallach at Rice University, <a href="https://www.cs.rice.edu/%7Edwallach/pub/texas-senate-state-affairs-15oct08.pdf">the job of an election is to convince the losers that they lost fair and square</a>. The declared winners will not ask questions and may seek to obstruct those who do ask. The losers will ask the hard questions, and election systems must be transparent enough that the partisan supporters of the losers can be convinced that they indeed lost. This sets a high standard, but it is a standard that every democracy must strive to meet.</p><img src="https://counter.theconversation.com/content/101765/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Douglas W. Jones was a co-principal investigator in the National Science Foundation funded ACCURATE (A Center for Correct, Usable, Reliable, Auditable, and Transparent Elections) project. He was a co-founder of the Open Voting Consortium, but is not currently affiliated with that group, and he is a registered Democrat.</span></em></p>Ensuring the integrity of democratic elections from hackers and electronic tampering, and boosting public confidence in democracy, isn’t very difficult, nor expensive.Douglas W. Jones, Associate Professor of Computer Science, University of IowaLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1012522018-08-23T05:25:23Z2018-08-23T05:25:23ZIf it ain’t broke, don’t fix it: Australia should stay away from electronic voting<p><em>Russia was behind an enormous effort to influence politics in the US and the UK, but was Australia targeted too? In this series, <a href="https://theconversation.com/au/topics/hacking-auspol-58635">Hacking #auspol</a>, we explore how covert foreign influence operates in Australia, and what we can do about it.</em></p>
<hr>
<p>The civic experience of interacting with analogue voting interfaces is as Australian as the <a href="https://democracysausage.org/perth_by-election_2018">democracy sausage</a>. Voters are confronted with <a href="https://www.aec.gov.au/Elections/candidates/scrutineers-handbook/voting.htm">tiny pencils</a>, plus physical security measures that involve huddling in a cardboard booth and origami-scale folding.</p>
<p>The use of paper ballots – and human counting of those ballots – creates one of the most secure electoral systems imaginable.</p>
<p>And the Australian tradition provides another sometimes under-recognised component of electoral security: <a href="https://www.aec.gov.au/About_AEC/Publications/backgrounders/compulsory-voting.htm">compulsory voting</a>. This practice secures against the <a href="https://www.theatlantic.com/politics/archive/2018/07/poll-prri-voter-suppression/565355/">voter suppression</a> tactics used to undermine elections in the United States.</p>
<p>In the digital era, smartphones are so prevalent that it might seem tempting to move to voting online. In 2013 the Australian Electoral Commission (AEC) <a href="https://web.archive.org/web/20180313184749/http://www.ecanz.gov.au/research/files/internet-voting-australian-election-systems.pdf">explored internet voting</a>. But cyber security experts say: if it ain’t broke, don’t fix it.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/election-explainer-why-cant-australians-vote-online-57738">Election explainer: why can't Australians vote online?</a>
</strong>
</em>
</p>
<hr>
<h2>US system an example of what not to do</h2>
<p>The problems the US has had with electronic voting provide a perfect illustration of what can go wrong.</p>
<p>Every year hackers and cyber security experts from across the globe converge “In Real Life” (IRL) on Las Vegas to attend one of the world’s largest and longest-running annual hacker conventions: <a href="https://www.defcon.org/">DefCon</a>.</p>
<p>Election hacking has recently gained prominence at DefCon. In 2017 the “Voting Machine Hacking Village” area revealed the cyber vulnerabilities of <a href="https://defcon.org/images/defcon-25/DEF%20CON%2025%20voting%20village%20report.pdf">US election equipment, databases and infrastructure</a>. One participant even “<a href="https://twitter.com/VotingVillageDC/status/891445496622874624">RickRolled</a>” a machine by replacing the voter profile with Rick Astley playing his song “Never Gonna Give You Up”.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"891445496622874624"}"></div></p>
<p>The <a href="https://twitter.com/VotingVillageDC">DefCon Voting Village</a> showcased electoral system vulnerabilities again this year, as <a href="https://www.pbs.org/newshour/nation/an-11-year-old-changed-election-results-on-a-replica-florida-state-website-in-under-10-minutes">Young DefCon</a> attendees <a href="https://twitter.com/wbaltv11/status/1030176719255363584">aged 8-16</a> competed for <a href="https://drive.google.com/file/d/1m-NAHyeYbH9GD1Fy4FWW4hxSwgGxX0wa/view">prize money</a> to hack into replicas of election results websites to manipulate vote tallies. It took an 11-year-old just <a href="http://time.com/5366171/11-year-old-hacked-into-us-voting-system-10-minutes/">10 minutes</a> to hack into one of the systems.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/lessons-in-trust-from-americas-experience-with-electronic-voting-69716">Lessons in trust from America's experience with electronic voting</a>
</strong>
</em>
</p>
<hr>
<p>Recent announcements from the White House indicate that <a href="https://www.usatoday.com/story/tech/2017/08/24/election-hacking-lawsuit-over-heated-georgia-race-could-sign-whats-come/574313001/">cyber-vulnerable elections</a> are more than child’s play. Earlier this month the Trump administration outlined approaches to <a href="https://www.whitehouse.gov/briefings-statements/president-donald-j-trump-strengthening-security-elections/">bolster defence against cyber operations targeting elections</a>.</p>
<h2>Where Australia stands on e-voting</h2>
<p>After the 2016 federal election, the leaders of both major parties <a href="https://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Parliamentary_Library/pubs/BriefingBook45p/ElectronicVoting">raised the possibility of introducing electronic voting at future Australian elections</a>. </p>
<p>Electronic voting is a broad church. Since 2001, the ACT has operated locally networked computers in some locations, and 283,669 voters have used the <a href="https://www.ivote.nsw.gov.au/faq.aspx">iVote</a> system in NSW elections.</p>
<p>As early as 2007, the AEC piloted electronically assisted voting to enable access for visually impaired voters. It also trialled voting across a secure network for Australian Defence Force personnel serving overseas.</p>
<p>At the 2013 federal election, the AEC <a href="https://annualreport.aec.gov.au/2013/case-studies/electronic-lists.html">piloted the use of electronically certified lists (ECLs)</a>. This technology enables voters to be marked more quickly off voting rolls, thus avoiding the queues caused by that nice person with a pencil and ruler who looks quizzically at your driving licence.</p>
<p>Electronic scanning and counting of ballot papers was introduced in the 2016 federal election, but subsequently became subject to an inquiry.</p>
<p>In cybersecurity, we are fond of pointing out that no digital system is ever truly secure. Moving to comprehensive, end-to-end, online voting should never take place. The risks of disruption to online voting are, and will remain, simply too high.</p>
<h2>Vulnerabilities beyond e-voting</h2>
<p>Of course there are other vulnerabilities in the Australian electoral system – dependencies in any system lead to vulnerabilities. <a href="https://www.us-cert.gov/sites/default/files/c3vp/crr_resources_guides/CRR_Resource_Guide-EDM.pdf">External dependencies management</a> is essential for security in elections. For governments, such dependencies include the use of private contractors.</p>
<p>In January, the <a href="https://www.anao.gov.au/work/performance-audit/aec-procurement-services-conduct-2016-federal-election">Australian National Audit Office</a> found that transport suppliers and contractors delivering a new <a href="https://www.themandarin.com.au/87745-electoral-commissioner-agency-made-best-tricky-situation/">Senate ballot scanning system</a> could not meet security requirements. The Australian Signals Directorate warned the AEC that IT security problems could not be resolved in time for election day. Shortly thereafter, the <a href="https://www.coag.gov.au/sites/default/files/communique/coag-communique-february-2018.pdf">Council of Australian Governments</a> ordered “health checks” of electoral systems.</p>
<p>In June, the Joint Standing Committee on Electoral Matters <a href="http://parlinfo.aph.gov.au/parlInfo/download/committees/reportjnt/024070/toc_pdf/Thirdinterimreportontheinquiryintotheconductofthe2016federalelectionAECmodernisation.pdf;fileType=application%2Fpdf">found</a> that the AEC needed to update its IT infrastructure to support its core election and voter roll management systems.</p>
<p>Foreign adversaries have been accused of attempting to <a href="https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/">compromise</a> electoral roll systems in the 2016 US election. In response to this threat the Australian government has provided grants to political parties to seek compliance against the <a href="https://acsc.gov.au/publications/protect/Top_4_Mitigations.pdf">top four basic cyber security measures</a>.</p>
<h2>Disinformation is a bigger threat</h2>
<p>Such initiatives are welcome. But it is unlikely that large parties would be the target of a genuinely subversive measure designed to create disruption.</p>
<p>There are a few options for an adversary seeking to “hack” an election. The first is to “go loud” and undermine the public’s belief in the players, the process, or the outcome itself. This might involve stealing information from a major party, <a href="https://www.wired.com/story/dnc-lawsuit-reveals-key-details-2016-hack/">for example</a>, and then anonymously leaking it. Or it might mean, rather than attacking voting machines themselves, attacking and changing the data held by the AEC. This would force the agency to <a href="http://www.abs.gov.au/websitedbs/d3310114.nsf/home/Australian%20Statistician%20-%20Speeches%20-%20Census%202016%20Lessons%20Learned">publicly admit a concern</a>, which in turn would undermine confidence in the system.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/russian-trolls-targeted-australian-voters-on-twitter-via-auspol-and-mh17-101386">Russian trolls targeted Australian voters on Twitter via #auspol and #MH17</a>
</strong>
</em>
</p>
<hr>
<p>In Australia, this approach would not ultimately affect the actual result due to the security of our physical system. Such an obvious breach might be a prize for an adversary, but its actual effect on a nation with compulsory voting would be short-lived.</p>
<p>The real risk to any election is the <a href="https://www.intelligence.senate.gov/sites/default/files/documents/os-phoward-080118.pdf">manipulation of social media</a>, and a more successful and secretive campaign to alter the outcome of the Australian election might focus on a minor party. </p>
<p>An adversary could steal the membership database and electoral roll of a party with poor security, locate the social media accounts of those people, and then slowly use social media manipulations to influence an active, vocal group of voters.</p>
<h2>Securing the elections of the future</h2>
<p>In June, ahead of the July 28 by-elections, the government set up an <a href="https://www.reuters.com/article/us-australia-security-elections/australia-forms-task-force-to-guard-elections-from-cyber-attacks-idUSKCN1J506D">Electoral Task Force</a> composed of Department of Home Affairs, the Australian Federal Police, Australian Security Intelligence Organisation and Australian Cyber Security Centre, to guard against foreign interference in future elections.</p>
<p>In an era when foreign influence via <a href="https://theconversation.com/russian-trolls-targeted-australian-voters-on-twitter-via-auspol-and-mh17-101386">social media is likely</a>, this task force should be invested with <a href="https://www.homeaffairs.gov.au/consultations/Documents/explanatory-document.pdf">sufficient powers</a> to analyse social media and compel social media companies to take down foreign adversarial accounts in real time. </p>
<p>Such an approach might feasibly be taken through existing frameworks – too much coordination between the government and social networks could be incompatible with a free and open public sphere. But faced by a challenge with few clear solutions, every available option should be considered.</p>
<p>Meanwhile, calls for, and the development of, digital voting solutions are not going away. </p>
<p>Australian start-up <a href="https://horizonstate.com/">Horizon State</a> has used blockchain technology to <a href="https://horizonstate.com/Horizon-State-Whitepaper.pdf">create verified, secure voting systems</a>. Horizon State will <a href="http://www.abc.net.au/news/2018-07-24/blockchain-innovators-seek-to-disrupt-indonesian-electoral-fraud/10025900">deploy the system in Sumatra</a>, hoping scale up for future Indonesian elections.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/africa-leads-the-way-in-election-technology-but-theres-a-long-way-to-go-84925">Africa leads the way in election technology, but there's a long way to go</a>
</strong>
</em>
</p>
<hr>
<p><a href="https://xkcd.com/2030/">Not everyone</a> is certain that blockchain will provide an ideal solution. Such approaches are good for developing democracies, where human corruption in officialdom is the major security risk to elections. But in a mature democracy like Australia, sometimes the tried and true traditions are the best defence.</p>
<p>During the Australian <a href="https://www.electionsausagesizzle.com.au/2016-federal-election-sausage-sizzle-map/">2016 federal election</a>, Twitter added a sausage on bread emoji to the hashtag #ausvotes. This is one election “hack” we can be <a href="https://twitter.com/adamhillscomedy/status/750356069998788608">happy to celebrate</a>. But hey, just don’t use a knife and fork, alright?</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"750356069998788608"}"></div></p><img src="https://counter.theconversation.com/content/101252/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Tom Sear does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Australia has one of the most secure electoral systems imaginable thanks to paper ballots. Cybersecurity experts caution against e-voting.Tom Sear, PhD Candidate, UNSW Canberra Cyber, Australian Defence Force Academy, UNSW SydneyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/849252017-10-03T11:40:16Z2017-10-03T11:40:16ZAfrica leads the way in election technology, but there’s a long way to go<p>Kenya’s <a href="https://theconversation.com/kenyas-fresh-election-ruling-just-another-instalment-in-a-highly-contested-process-83524">recently annulled elections</a> will soon be re-run, but the long-term questions they raised about election management are still unanswered. The spotlight is on the work of international observer teams, but there are also much wider questions of electoral capacity – problems that extend to the top of the African Union, and thence across the whole continent.</p>
<p>African democracies are in the process of co-ordinating a generation jump in applied technology. So far, they have actually done a remarkable job by global standards. After all, something like electronic voting is still not used in the UK, where people in raincoats wait patiently while someone with a pencil draws a line through their name on a paper spreadsheet. The rain-sodden voter drips into the polling booth and makes a choice, casts their vote with a pencil on a sheet of paper, and shuffles outside again while putting up an ineffectual umbrella. Nothing has changed for 100 years. </p>
<p>It’s Africa that has led the way – and the West isn’t the place to look for immediate answers for all the problems of running a 21st-century election. One such problem is the use of multiple forms of electronic voting. Voter identification by electronic means is given priority in Nigeria, but even there, it’s not implemented consistently: there are different systems provided by different companies, all submitting tenders on a competitive basis. </p>
<p>The African Union needs to devise a standard set of requirements and attributes for electronic voting across the continent. It’s no longer enough to have a protocol that says paper votes have to be placed into clear plastic ballot boxes. But the African Union has fallen behind. Its previous head, Nkosazana Dlamini-Zuma, was hardly technologically minded; in fact, her successor has apparently stressed the commission urgently needs an email system fit for purpose. </p>
<p>Dlamini-Zuma has now returned to <a href="http://ewn.co.za/2017/08/30/dlamini-zuma-reveals-priorities-for-sa-presidential-bid">line up for the presidency</a> of her home country, South Africa, whose cabinet is renowned for its technological illiteracy. There are very few images of its current president, Jacob Zuma, working on a laptop or PC, and possibly none of him actually pressing the keys. (His next door neighbour, Zimbabwe’s Robert Mugabe, has seemingly never been pictured with a laptop at all.)</p>
<p>But if the presidents might have trouble sending simple emails, the thousands of local observers at each election will need special training of the sort never attempted before. They need to know not just how the system works, but how it can be made not to work – or at least, to work in ways that do not reflect the electorate’s will. Only after that does the question of international observer capacity come into play. </p>
<h2>Mastering the system</h2>
<p>It’s fair to say that although EU observers to Kenya were deployed far in advance of the election and had good geographical coverage, the team was not replete with electronic expertise. And it’s not as if there was no advance knowledge that this would be an electronic election. </p>
<p>Well before the elections began and before the EU observer team was deployed, senior members of both the EU team and the Kenyan opposition were given access to a <a href="http://democracyinafrica.org/election-monitoring-neither-free-nor-fair/">detailed paper</a> I prepared on the problems of electronic observation. And there was ample evidence from the 2015 Nigerian elections that these things could be <a href="https://www.vanguardngr.com/2015/06/nigeria-in-need-of-electronic-voting-system/">bumpy rides</a>. To be fair, electoral commissions need to upgrade their capacities as well; whatever happened in Kenya, whether wicked or incompetent, it was clear electoral officials were not on top of their game, unlike their Nigerian counterparts, who managed to resolve their problems in the end.</p>
<p>Electoral commissions need to open up all stages of the electronic process to knowledgeable observers, and especially the verification stage. This is where subtle algorithmic adjustments can be inserted to preserve close parity between voting patterns on the ground and “verified” results that “just” deliver very narrow victories to a ruling party.</p>
<p>At least electronic cheating can only really work persuasively in close elections. The days of 90% victories are almost (if not quite) over, but they will be followed a rash of elections “won” by about 2%. Margins of about 4%, as in the Kenyan elections, will have to be open to expert interrogation. As it turned out, Kenya’s elections were annulled on grounds of non-electronic irregularities, but neither the opposition nor the electoral commission seemed able to make sustained cases for or against electronic abuse. </p>
<p>Still, it is Africa that has come almost of age in electronic and digital voting. The West’s elections look like Sony Walkmans in the age of the smartphone. Even that comparison might be a bit flattering: in the UK, going to vote is like <a href="https://www.youtube.com/watch?v=AxHVvkUw7Ro">cranking up an LP on a turntable to 78rpm</a>. Let’s hope Africa’s new leaders and technocrats will make the generational jump more smoothly in the future, and keep showing the creaky old West the way.</p><img src="https://counter.theconversation.com/content/84925/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Stephen Chan does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>African democracies are embracing electronic voting far more confidently than the West.Stephen Chan, Professor of World Politics, SOAS, University of LondonLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/697162016-12-22T22:35:41Z2016-12-22T22:35:41ZLessons in trust from America’s experience with electronic voting<figure><img src="https://images.theconversation.com/files/150657/original/image-20161219-24265-yzzu9d.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">What’s missing for elections using technology are careful transparency and scrutiny measures to help mitigate risks and build trust.</span> <span class="attribution"><span class="source">Reuters/Charles Mostoller</span></span></figcaption></figure><p><em>This article was co-authored by Ian Brightwell, former director of IT at the New South Wales Electoral Commission.</em></p>
<hr>
<p>It reads like a Hollywood movie. Elite hackers, allegedly sponsored by the Russian government, infiltrate the computer systems <a href="https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/">of the Democratic National Committee</a>. Thousands of emails are stolen and <a href="https://wikileaks.org/dnc-emails/">published by WikiLeaks</a>.</p>
<p>And then, suspected Russian hackers attack the voter registration systems of <a href="https://www.apnews.com/c6f67fb36d844f28bd18a522811bdd18/US-official:-Hackers-targeted-election-systems-of-20-states">more than 20 American states</a>. Up to 200,000 voter records <a href="https://www.yahoo.com/news/fbi-says-foreign-hackers-penetrated-000000175.html">are stolen</a> from one system.</p>
<p>These seemingly far-fetched cyberattacks actually happened in the lead-up to the US presidential election. The country’s intelligence community believes these attacks were <a href="https://www.dhs.gov/news/2016/10/07/joint-statement-department-homeland-security-and-office-director-national">“intended to interfere with the US election process”</a>, or perhaps even to <a href="https://www.washingtonpost.com/world/national-security/obama-orders-review-of-russian-hacking-during-presidential-campaign/2016/12/09/31d6b300-be2a-11e6-94ac-3d324840106c_story.html">influence the election outcome</a>.</p>
<p>While there is as-yet no evidence of cyberattacks during the election itself, several states used insecure electronic election systems. This has resulted in many voters losing trust in the electoral process and petitions for recounts.</p>
<p>But would recounts be sufficient to rebuild trust? And what can Australia learn about maintaining trust in the electoral process as technology becomes widespread?</p>
<h2>Recounts in the US</h2>
<p>Green Party candidate Jill Stein and election security experts <a href="https://www.theguardian.com/us-news/2016/nov/29/security-experts-join-jill-steins-election-changing-recount-campaign">called for</a> full manual recounts of the original paper ballots for the presidential election in the states of Wisconsin, Pennsylvania and Michigan. Doing it manually would have eliminated the potential for compromised or defective systems to affect the recount.</p>
<p>However, <a href="http://www.nytimes.com/2016/12/12/us/pennsylvania-and-wisconsin-end-election-recount-efforts.html">legal action</a> stopped the recounts from going ahead in Pennsylvania and Michigan. And Donald Trump’s margin of victory <a href="https://www.theguardian.com/us-news/2016/dec/12/pennsylvania-recount-jill-stein-request-denied">increased in Wisconsin</a> following the recount there.</p>
<p>Each county in Wisconsin decided separately on which recount method it used. This depended on whether voting was by voting machines with audit printouts or by paper with automated scanning and counting.</p>
<p>Voting machines in Wisconsin produced paper audit trails as voters voted. For these systems the paper audit trail is manually counted.</p>
<p>In optical scan voting, voters filled out their votes on optical scan paper ballots, which were then automatically scanned and computer-counted. To recount those, a county must choose to either switch to manually counting the paper ballots, or repeat the automated scan and computer count process.</p>
<p>Simply repeating the automated scan and count process has fundamental problems; fraud and error in the initial count might simply be repeated in the recount. A compromised scanner could make the same fraudulent changes to the tally. A defective scanner could experience the same software or hardware errors – say, by systematically misinterpreting particular ballots.</p>
<p>A reliable recount in Pennsylvania would have been even more difficult. Its voting machines don’t print audit trails, and so there is no way to recount or audit the votes cast using them. </p>
<p>Stein’s <a href="https://d3n8a8pro7vhmx.cloudfront.net/jillstein/pages/26798/attachments/original/1480957243/Final_PA_Federal_Complaint.pdf?1480957243">legal action</a> called for the Pennsylvania recount attempt to include a forensic audit to examine voting machines for evidence of tampering. But such an audit could still fail to detect many attacks that hide their tracks.</p>
<p>Consequently, had they been allowed to do a recount, electoral officials would have faced considerable difficulty in providing strong public reassurance that fraud and error can be detected and rectified.</p>
<h2>Lessons for Australia</h2>
<p>Elections worldwide are becoming increasingly dependent on technology. But, typically, the electronic systems adopted suffer from weak transparency and scrutiny even when the outcome is challenged. This is creating serious risks that citizen trust in electoral processes will be damaged.</p>
<p>Australia also faces these risks. The <a href="https://theconversation.com/is-the-new-senate-vote-capture-system-as-risky-as-electronic-voting-62436">Senate vote capture system</a> used in the 2016 federal election shares many of the same vulnerabilities as the optical scan voting systems used in US elections.</p>
<p>These risks could be more serious in Australia, because manual recounts would likely be insurmountably costly and slow for complex Senate elections. Electronic data capture and counting are necessary to carry out large-scale preferential counting in Australia. </p>
<p>So, although Australian handwritten ballots provide a paper trail, there is no practical manual fallback alternative for counting them.</p>
<p>Despite these risks, technology also offers the potential to increase accuracy and so actually improve trust. In elections that use simpler preferential counting methods than the Senate and are much smaller in scale, manual counting has traditionally been found to be error-prone. </p>
<p>For example, the recent manual count for the byelection in the NSW seat of Orange (a total of about 50,000 votes) was <a href="https://twitter.com/brighty0101/status/802639900189167617">found to have</a> an error of 75 votes in the “final count” versus the recount. Significantly, this error was larger than the losing margin. These manual errors had continued even after another error in an earlier count had a different candidate <a href="http://www.abc.net.au/news/elections/canterbury-by-election-2016/commentary/">winning by 66 votes</a>.</p>
<p>What’s missing for elections using technology are careful transparency and scrutiny measures to help mitigate these risks and build trust.</p>
<p>A first step to building trust is to convincingly demonstrate that election systems satisfy the high level of security, reliability and quality appropriate for failure-critical national infrastructure. This is particularly crucial when there can be no practical manual fallback as a Plan B.</p>
<p>For example, a basic transparency measure is to make the design, implementation, testing, operation and auditing of the system and procedures available for broad scrutiny. A basic scrutiny measure is to engage a wide range of experts to rigorously examine the system and procedures before, during and after the election to detect defects, vulnerabilities and other problems.</p>
<p>Building trust also requires the system and procedures to be designed to make fraud and error evident – not just to assert they are unlikely.</p>
<p>One practical scrutiny measure for Senate elections would be to check a random sample of the paper ballots against the output of the scanning machines used in the counting. This would help expose failures in the vote capture system. </p>
<p>A transparency measure already used in Senate elections is to publish the electronic votes so anyone can check the output of the electronic counting program. Implementing both measures would provide stronger public assurance for the entire Senate electronic vote capture and counting process.</p>
<p>The lesson for Australia is the importance of carefully considering what are the appropriate transparency and scrutiny safeguards to build into our systems, in advance of scandals, to ensure continued public trust in the electoral process.</p><img src="https://counter.theconversation.com/content/69716/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Elections worldwide are becoming increasingly dependent on technology. But, typically, the electronic systems adopted suffer from weak transparency and scrutiny even when the outcome is challenged.Roland Wen, Visiting Fellow, UNSW SydneyRichard Buckland, Professor in Computer Security, Cybercrime, and Cyberterror, UNSW SydneyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/681002016-11-09T19:21:49Z2016-11-09T19:21:49ZAmerica’s aging voting machines managed to survive another election<figure><img src="https://images.theconversation.com/files/145129/original/image-20161109-16724-wwjvc6.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Depending on old technology.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/robpegoraro/20339783219/">Rob Pegoraro/Flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by-nc-sa/4.0/">CC BY-NC-SA</a></span></figcaption></figure><p>During this year’s voting, the vast majority of states used outdated voting machines perilously close to the end of their projected lifespan. Back in April, we warned that <a href="https://theconversation.com/aging-voting-machines-threaten-election-integrity-54523">42 states use machines</a> that are at least a decade old. Given that a high percentage of these machines have projected lifespans of between 10 and 15 years, we argued something needs to be done soon to prevent a real crisis.</p>
<p>We also pointed out, though, that the fact that the machines are aging does not mean they will all break down at once. Fortunately, on Election Day, most Americans were able to vote on machines that functioned properly, though in a few areas like <a href="http://www.fox2detroit.com/news/elections-2016/216159836-story">Detroit</a>, problems were widespread.</p>
<p>In addition, <a href="https://www.eac.gov/election_management_resources/beready16.aspx">election officials were well-prepared</a>. Keenly aware of the potential problems associated with using antiquated equipment during a high-turnout election, they were generally able to keep voting going smoothly when <a href="https://www.washingtonpost.com/politics/competing-claims-of-voter-fraud-intimidation-raise-tensions/2016/11/08/2342e93a-a58e-11e6-ba46-53db57f0e351_story.html">problems did arise</a>.</p>
<p>Still, the failures that we did see serve as a warning of how bad things could get if we don’t replace our aging voting equipment soon. In <a href="https://www.rti.org/sites/default/files/resources/3327.pdf">a 2010 report</a>, one state’s Department of Legislative Services found that the “nature and frequency of equipment failure beyond the manufacturer’s life expectancy cannot be predicted.” As machines approach the 15-year mark, we are likely to see progressively worse and more frequent problems.</p>
<h2>Problems started early</h2>
<p>Machine problems had already cropped up at the start of this year’s early voting.</p>
<p>Many difficulties tended to affect paperless computerized voting machines, or direct recording electronic machines (DREs), on which voters make their selection on a touchscreen, with a button or a dial. In <a href="http://abcnews.go.com/US/wireStory/voting-machine-issue-georgia-officials-blame-testing-43116795">Georgia</a>, <a href="http://www.npr.org/2016/10/26/499450796/some-machines-are-flipping-votes-but-that-doesnt-mean-theyre-rigged">Nevada</a>, <a href="http://www.npr.org/2016/10/26/499450796/some-machines-are-flipping-votes-but-that-doesnt-mean-theyre-rigged">North Carolina</a>, <a href="http://www.newschannel10.com/story/33558990/voting-official-admits-numerous-occasions-of-machine-malfunctions">Tennessee</a> and <a href="http://www.npr.org/2016/10/26/499450796/some-machines-are-flipping-votes-but-that-doesnt-mean-theyre-rigged">Texas</a>, early voters reported calibration problems, or “vote flipping.” It’s a problem unique to touchscreen machines, where a voter intends to pick one candidate, but another shows up as her choice. </p>
<p>In <a href="http://www.fox13memphis.com/top-stories/problems-at-the-polls-on-first-day-of-early-voting-in-tn/458784577">Shelby County, Tennessee</a>, 30 smart cards failed, making it impossible to pull up the correct electronic ballot on voting machines. In <a href="http://kxan.com/2016/10/25/hays-county-reports-issues-with-voting-machines-at-one-location/">Hays County, Texas</a>, voters waited for over an hour because a “faulty cable connection” caused voting machines to fail on the second day of early voting.</p>
<p>Voting machine problems persisted through Election Day. <a href="https://electionlandtrends.appspot.com/">Reports of malfunction</a> came from several voting locations. Calibration errors were reported in the key swing state of <a href="http://www.usatoday.com/story/news/politics/elections/2016/2016/11/08/some-pennsylvania-voters-pick-trump-but-screen-says-clinton/93491844/">Pennsylvania</a>. In one <a href="http://www.chicagotribune.com/news/nationworld/politics/ct-election-voting-problems-20161108-story.html">Utah county</a>, due to widespread memory card failure, 75 percent of the county’s nearly 400 voting machines failed. In the <a href="http://www.fox2detroit.com/news/elections-2016/216159836-story">Detroit</a> area, optical scan machines would not accept ballots. </p>
<p>But at least in some cases, there were ways to work around these sorts of problems. In Durham County, North Carolina, computer problems caused delays for poll workers checking in voters. They switched to backup paper documents, and after litigation, <a href="http://www.cnn.com/2016/11/08/politics/north-carolina-durham-county-glitch/index.html">extended voting hours in eight precincts</a> to make up for the difficulties.</p>
<p>A full accounting of <a href="http://www.motherjones.com/politics/2016/11/election-2016-voter-intimidation-tracker-live-blog">Election Day’s problems</a> will likely take months to sort out.</p>
<p>We can’t say how many votes were affected by these problems, but they no doubt contributed to long lines. We likely saw at least as many machine problems as we saw in 2012, when approximately 500,000 to 700,000 people <a href="https://www.supportthevoter.gov/files/2013/08/Waiting-in-Line-to-Vote-White-Paper-Stewart-Ansolabehere.pdf">did not vote because of long lines</a>. Of course, there are many potential causes of long lines, including <a href="https://www.brennancenter.org/analysis/end-long-lines">misallocation of poll workers</a>. But other causes are definitely failures both of election officials to provide enough machines and of the machines themselves in certain polling places.</p>
<h2>Preventing another Bush v. Gore</h2>
<p>As machines get older, these functionality problems will likely multiply. Context matters. Imagine if these problems had taken place in an extremely close race, decided by just a few hundred or thousand votes. The fallout would be disastrous.</p>
<p>We don’t have to imagine what this would look like, because it has already happened. In 2000, problems with <a href="http://www.nytimes.com/2000/11/19/us/counting-the-vote-the-machine-new-focus-on-punch-card-system.html">faulty voting machines</a> contributed to an electoral meltdown of epic proportions.</p>
<p>One key difference between 2000 and today is that we live in a <a href="https://www.washingtonpost.com/news/monkey-cage/wp/2014/01/24/the-two-key-factors-behind-our-polarized-politics/">much more polarized political climate</a>, where discussion of “rigged” elections has become far too common. </p>
<p>Making matters worse, there are more <a href="http://www.reuters.com/article/us-usa-election-machines-idUSKCN11Q0EU">computerized voting machines</a> in use today that do not provide a paper record. In parts of the country using paperless computerized machines – <a href="https://www.brennancenter.org/analysis/fact-sheet-voting-system-security-and-reliability-risks">where more than 40 million registered voters reside</a> – voters are asked to trust a system of which they are increasingly skeptical. </p>
<p>Those concerns merge when, on Election Day, a major party candidate takes to <a href="http://www.vox.com/policy-and-politics/2016/11/8/13567060/trump-voter-fraud-2016-election">cable news</a> and <a href="https://www.washingtonpost.com/news/the-fix/wp/2016/11/08/translating-donald-trumps-voter-fraud-talk-into-reality/">Twitter</a> to cast doubt on the outcome.</p>
<p>Confidence in election outcomes and the integrity of our electoral system is the currency of our democracy. It is no exaggeration to say that without that confidence, our democracy will cease to function. Anyone who cares about the legitimacy of our elections in future years will work to ensure our oldest, least reliable and verifiable equipment is replaced.</p><img src="https://counter.theconversation.com/content/68100/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Where problems arose, voting was generally able to keep going smoothly. But those failures serve as a warning of how bad things could get if we don’t replace our voting machines soon.Lawrence Norden, Deputy Director, Democracy Program, Brennan Center for Justice, New York UniversityChristopher Famighetti, Voting Rights Researcher, Democracy Project, Brennan Center for Justice, New York UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/632412016-07-29T16:58:37Z2016-07-29T16:58:37ZHow vulnerable to hacking is the US election cyber infrastructure?<p>Following the hack of Democratic National Committee emails and reports of a new <a href="http://www.computerworld.com/article/3102024/security/fbi-probing-possible-hack-of-another-democratic-party-organization.html">cyberattack against the Democratic Congressional Campaign Committee</a>, worries abound that foreign nations may be clandestinely involved in the 2016 American presidential campaign. <a href="http://abcnews.go.com/Politics/wireStory/clues-dnc-hacking-point-russia-trump-claims-40965742">Allegations swirl that Russia</a>, under the direction of President Vladimir Putin, is secretly working to undermine the U.S. Democratic Party. The apparent logic is that a Donald Trump presidency would result in more pro-Russian policies. At the moment, the <a href="http://www.bloomberg.com/politics/articles/2016-07-25/fbi-investigating-dnc-cyber-hack-some-democrats-blame-on-russia">FBI is investigating</a>, but no U.S. government agency has yet made a formal accusation.</p>
<p>The Republican nominee added unprecedented fuel to the fire by <a href="http://www.nytimes.com/2016/07/28/us/politics/donald-trump-russia-clinton-emails.html">encouraging Russia to “find”</a> and release Hillary Clinton’s missing emails from her time as secretary of state. Trump’s comments drew sharp rebuke from the media and politicians on all sides. Some suggested that by soliciting a foreign power to intervene in domestic politics, his musings bordered on criminality or treason. Trump backtracked, saying his <a href="http://www.cnn.com/2016/07/28/politics/donald-trump-russia-hacking-sarcastic/">comments were “sarcastic,”</a> implying they’re not to be taken seriously.</p>
<p>Of course, the desire to interfere with another country’s internal political processes is nothing new. Global powers routinely monitor their adversaries and, when deemed necessary, will try to clandestinely undermine or influence foreign domestic politics to their own benefit. For example, the Soviet Union’s foreign intelligence service engaged in so-called “<a href="http://fas.org/irp/world/russia/kgb/su0523.htm">active measures</a>” designed to influence Western opinion. Among other efforts, it spread conspiracy theories about government officials and fabricated documents intended to exploit the social tensions of the 1960s. Similarly, U.S. intelligence services have conducted their own secret activities against foreign political systems – perhaps most notably its repeated attempts to <a href="https://www.washingtonpost.com/news/worldviews/wp/2014/12/11/the-history-of-absurd-american-plots-in-cuba/">help overthrow</a> pro-communist Fidel Castro in Cuba.</p>
<p>Although the Cold War is over, intelligence services around the world continue to monitor other countries’ domestic political situations. Today’s “<a href="http://www.rand.org/content/dam/rand/pubs/monographs/2009/RAND_MG654.pdf">influence operations</a>” are generally subtle and strategic. Intelligence services clandestinely try to sway the “hearts and minds” of the target country’s population toward a certain political outcome.</p>
<p>What has changed, however, is the ability of individuals, governments, militaries and criminal or terrorist organizations to use internet-based tools – commonly called <a href="https://theconversation.com/america-is-dropping-cyberbombs-but-how-do-they-work-58476">cyberweapons</a> – not only to gather information but also to generate influence within a target group.</p>
<p>So what are some of the technical vulnerabilities faced by nations during political elections, and what’s really at stake when foreign powers meddle in domestic political processes? </p>
<h2>Vulnerabilities at the electronic ballot box</h2>
<p>The process of democratic voting requires a strong sense of trust – in the equipment, the process and the people involved.</p>
<p>One of the most obvious, direct ways to affect a country’s election is to interfere with the way citizens actually cast votes. As the United States (<a href="https://www.ndi.org/e-voting-guide/electronic-voting-and-counting-around-the-world">and other nations</a>) embrace electronic voting, it must take steps to ensure the security – and more importantly, the trustworthiness – of the systems. Not doing so can endanger a nation’s domestic democratic will and create general political discord – a situation that can be exploited by an adversary for its own purposes.</p>
<p>As early as 1975, the U.S. government <a href="http://votingmachines.procon.org/sourcefiles/saltman1975.pdf">examined the idea of computerized voting</a>, but electronic voting systems were not used <a href="http://votingmachines.procon.org/view.source.php?sourceID=001042">until Georgia’s 2002 state elections</a>. Other states have adopted the technology since then, although given ongoing fiscal constraints, those with aging or problematic electronic voting machines are <a href="http://thehill.com/policy/cybersecurity/222470-states-ditch-electronic-voting-machines">returning to more traditional</a> (and cheaper) paper-based ones.</p>
<p>New technology always comes with some glitches – even when it’s not being attacked. For example, during the 2004 general election, North Carolina’s Unilect e-voting machines <a href="http://www.the-dispatch.com/news/20050730/lawmakers-shouldnt-experiment-with-ballots---remember-carteret-county">“lost” 4,438 votes</a> due to a system error.</p>
<p>But cybersecurity researchers focus on the kinds of problems that could be intentionally caused by bad actors. In 2006, Princeton computer science professor <a href="https://www.cs.princeton.edu/%7Efelten/">Ed Felten</a> demonstrated how to install a self-propagating piece of vote-changing malware <a href="http://citpsite.s3-website-us-east-1.amazonaws.com/oldsite-htdocs/pub/ts06full.pdf">on Diebold e-voting systems</a> in less than a minute. In 2011, technicians at the Argonne National Laboratory showed <a href="http://www.computerworld.com/article/2511508/security0/argonne-researchers--hack--diebold-e-voting-system.html">how to hack e-voting machines remotely</a> and change voting data. </p>
<p>Voting officials recognize that these technologies are vulnerable. Following a 2007 study of her state’s electronic voting systems, Ohio Secretary of State Jennifer L. Brunner <a href="http://abcnews.go.com/Politics/story?id=4008511">announced that</a></p>
<blockquote>
<p>the computer-based voting systems in use in Ohio do not meet computer industry security standards and are susceptible to breaches of security that may jeopardize the integrity of the voting process.</p>
</blockquote>
<p>As the first generation of voting machines ages, even maintenance and updating become an issue. A 2015 report found that electronic voting machines in 43 of 50 U.S. states <a href="http://www.brennancenter.org/sites/default/files/publications/Americas_Voting_Machines_At_Risk.pdf">are at least 10 years old</a> – and that state election officials are unsure where the funding will come from to replace them. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/80kUed21j9s?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">A rigged (and murderous) voting machine on ‘The Simpsons’ satirized the issue in 2008.</span></figcaption>
</figure>
<h2>Securing the machines and their data</h2>
<p>In many cases, electronic voting depends on a distributed network, just like the electrical grid or municipal water system. Its spread-out nature means there are many points of potential vulnerability.</p>
<p>First, to be secure, the hardware “internals” of each voting machine must be made tamper-proof at the point of manufacture. Each individual machine’s software must remain tamper-proof and accountable, as must the vote data stored on it. (Some machines provide voters with a paper receipt of their votes, too.) When problems are discovered, the machines must be removed from service and fixed. Virginia did just this in 2015 once numerous glaring <a href="https://www.theguardian.com/us-news/2015/apr/15/virginia-hacking-voting-machines-security">security vulnerabilities were discovered</a> in its system. </p>
<p>Once votes are collected from individual machines, the compiled results must be transmitted from polling places to higher election offices for official consolidation, tabulation and final statewide reporting. So the network connections between locations must be tamper-proof and prevent interception or modification of the in-transit tallies. Likewise, state-level vote-tabulating systems must have trustworthy software that is both accountable and resistant to unauthorized data modification. Corrupting the integrity of data anywhere during this process, either intentionally or accidentally, can lead to botched election results.</p>
<p>However, technical vulnerabilities with the electoral process extend far beyond the voting machines at the “edge of the network.” Voter registration and administration systems operated by state and national governments are at risk too. Hacks here could affect voter rosters and citizen databases. Failing to secure these systems and records could result in fraudulent information in the voter database that may lead to improper (or illegal) voter registrations and potentially the casting of fraudulent votes.</p>
<p>And of course, underlying all this is human vulnerability: Anyone involved with e-voting technologies or procedures is susceptible to coercion or human error.</p>
<h2>How can we guard the systems?</h2>
<p>The first line of defense in protecting electronic voting technologies and information is common sense. Applying the <a href="http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf">best practices</a> of cybersecurity, data protection, information access and other objectively developed, responsibly implemented procedures makes it more difficult for adversaries to conduct cyber mischief. These are essential and must be practiced regularly.</p>
<p>Sure, it’s unlikely a single voting machine in a specific precinct in a specific polling place would be targeted by an overseas or criminal entity. But the security of each electronic voting machine is essential to ensuring not only free and fair elections but fostering citizen trust in such technologies and processes – think of the chaos around the infamous <a href="http://www.usnews.com/news/articles/2008/01/17/the-legacy-of-hanging-chads">hanging chads</a> during the contested 2000 <a href="https://en.wikipedia.org/wiki/Bush_v._Gore">Florida recount</a>. Along these lines, in 2004, Nevada was the first state to mandate e-voting machines <a href="http://www.nbcnews.com/id/5937115/ns/politics-voting_problems/t/paper-trail-voting-system-used-nevada/">include a voter-verified paper trail</a> to ensure public accountability for each vote cast. </p>
<p>Proactive examination and analysis of electronic voting machines and voter information systems are essential to ensuring free and fair elections and facilitating citizen trust in e-voting. Unfortunately, some <a href="https://www.eff.org/cases/online-policy-group-v-diebold">voting machine manufacturers have invoked</a> the controversial <a href="http://www.copyright.gov/legislation/dmca.pdf">Digital Millennium Copyright Act</a> to prohibit external researchers from assessing the security and trustworthiness of their systems.</p>
<p>However, a 2015 <a href="https://community.rapid7.com/community/infosec/blog/2015/10/28/new-dmca-exemption-is-a-positive-step-for-security-researchers">exception to the act</a> authorizes security research into technologies otherwise protected by copyright laws. This means the security community can legally research, test, reverse-engineer and analyze such systems. Even more importantly, researchers now have the freedom to publish their findings without fear of being sued for copyright infringement. Their work is vital to identifying security vulnerabilities before they can be exploited in real-world elections.</p>
<p>Because of its benefits and conveniences, electronic voting may become the preferred mode for local and national elections. If so, officials must secure these systems and ensure they can provide trustworthy elections that support the democratic process. State-level election agencies must be given the financial resources to invest in up-to-date e-voting systems. They also must guarantee sufficient, proactive, ongoing and effective protections are in place to reduce the threat of not only operational glitches but intentional cyberattacks.</p>
<p>Democracies endure based not on the whims of a single ruler but the shared electoral responsibility of informed citizens who trust their government and its systems. That trust must not be broken by complacency, lack of resources or the intentional actions of a foreign power. As famed investor <a href="http://business.time.com/2010/03/01/warren-buffetts-boring-brilliant-wisdom/">Warren Buffett once noted</a>, “It takes 20 years to build a reputation and five minutes to ruin it.” </p>
<p>In cyberspace, five minutes is an eternity.</p><img src="https://counter.theconversation.com/content/63241/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Richard Forno has received research funding related to cybersecurity from the National Science Foundation (NSF), the Department of Defense (DOD), and the State of Maryland during his academic career.</span></em></p>With the DNC email leak and Trump calling on Russia to hack Clinton’s emails, concern about foreign meddling in the 2016 presidential election process is rising. Is e-voting the next cyber battleground?Richard Forno, Senior Lecturer, Cybersecurity & Internet Researcher, University of Maryland, Baltimore CountyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/621712016-07-07T07:14:10Z2016-07-07T07:14:10ZElectronic voting may be risky, but what about vote counting?<p>Several advantages of online voting were identified in a <a href="https://theconversation.com/despite-experts-fears-australia-should-be-moving-to-electronic-online-voting-61832">recent post</a> by Conversation columnist and software researcher David Glance who backed the introduction of such a scheme in Australia.</p>
<p>He is correct that an online voting system would be faster, more convenient and have fewer accidental informal votes. It would also reduce the donkey vote problem (though the “donkey vote” bias can also be dealt with by the use of <a href="http://www.parliament.tas.gov.au/tpl/backg/HAElections.htm">Robson rotation</a> on printed ballots).</p>
<p>But in my view he dismisses the very real risks not only of actual election tampering, but something equally important – the confidence that Australian elections aren’t being tampered with.</p>
<p>A vote-counting system not only needs to be secure against threats to its integrity, it needs to be seen to be secure against such threats. </p>
<p>The right technologies, deployed in the right way, can assist with speeding up vote counts without putting the integrity of our voting system at risk. The place for that technology is not as a replacement for the paper ballot.</p>
<h2>Voting is not like paying your bills</h2>
<p>Most Australians conduct many financial transactions online, such as paying bills or online banking, with a reasonable degree of confidence.</p>
<p>But while these systems do work acceptably well most of the time, there is a steady stream of fraud committed against them. Some estimates put the cost of cybercrime in Australia at <a href="https://www.ag.gov.au/CrimeAndCorruption/Cybercrime/Documents/national-plan-to-combat-cybercrime.pdf">around A$2 billion annually</a>.</p>
<p>Furthermore, there are some key differences between voting and financial transactions which will make electronic voting harder to secure.</p>
<p>For example, financial transactions are private, but not anonymous, and they are conducted on a continuous basis, not once every three years or so.</p>
<p>The two parties to a financial transaction can see how the transaction is interpreted by the financial institution involved, and can report any problems.</p>
<p>Any fraudulent financial transactions can often be reversed or compensated for on an individual basis. If an online election is found to be unsound, the only remedy may be to rerun the election.</p>
<p>Further concerns over online voting have been raised <a href="https://theconversation.com/election-explainer-why-cant-australians-vote-online-57738">elsewhere on The Conversation</a>.</p>
<h2>Confidence in elections is social, not just technical</h2>
<p>If we propose to radically change Australia’s vote-counting system, we should at least do so only after fully considering the nature of the existing system.</p>
<p>It’s pretty widely acknowledged that Australia’s vote counting system is <a href="https://theconversation.com/australias-robust-voting-system-deserves-praise-not-criticism-18320">generally accurate</a> and not subject to widespread tampering. So let’s ask the question: why do we have confidence in Australian elections?</p>
<p>Partly, it’s by direct observation as voters: as we vote, we also observe the process. We see the ballots, we see them being placed in the ballot box. But it’s also through our network of relationships. </p>
<p>Many Australians would probably know one of the <a href="http://www.abc.net.au/news/2016-07-02/election-2016-3m-queenslanders-to-vote-and-gobble-down-snags/7562296">75,000 temporary poll workers</a>. Those more interested in politics are likely to know a scrutineer, a representative of a party on the ballot who directly observes the vote counting.</p>
<p>Confidence in Australian elections is therefore the result of the observations of a large fraction of the Australian population. The confidence that a conspiracy to rig a vote involving many ordinary Australians is beyond the realms of plausibility. </p>
<p>While all manner of other conspiracy theories circulate on social media, election-rigging conspiracy theories are almost unknown in Australia.</p>
<p>An online, or even an electronic voting system in polling booths, would shift the responsibility for electoral integrity to a tiny technical elite with the time and skills to audit the voting technology used.</p>
<p>We are supposed to trust both their personal incorruptibility, and their competence. Serious security flaws are often missed by such professionals until they have been systematically exploited by criminals.</p>
<h2>Automate the count, not the recording</h2>
<p>People with disabilities have been among the strongest advocates for electronically aided voting, for good reason. But that does not mean that paper ballots should be discarded to this end.</p>
<p>With the right technology, instructions expressed by voice commands, a touchscreen, or whatever interface the voter can use unaided can do the job of marking their ballots. That way voters with disabilities will be able to vote with the same level of privacy and autonomy that others take for granted.</p>
<p>Regardless of how they are marked, paper ballots do not necessarily need to be counted by hand. Senate ballot papers are <a href="http://www.aec.gov.au/elections/candidates/files/counting/css-faqs.pdf">currently being counted</a> with the assistance of handwriting recognition systems similar to the ones used to read postcodes on hand-addressed envelopes.</p>
<p>The present system is only semi-automated, in that every ballot scan is then checked by a human operator.</p>
<p>In the future, it is likely that the system can be refined so as not to require every vote to be human-verified. For instance, using two or more independently implemented automated counting systems, combined with randomised spot checking by AEC staff and scrutineers, may be sufficient to ensure an accurate count. </p>
<p>This would allow much faster initial Senate counts but, if there is any doubt, a hand recount is always possible.</p>
<p>In the United States, which uses a wide variety of vote-counting technologies, the one most favoured by academic experts is <a href="http://www.eac.gov/eac_certifies_third_optical-scan_voting_system/">optical scanning ballots</a>. Many people would have come across these in multiple-choice tests such as driving tests: you fill in the box corresponding to your choice. </p>
<p>These work very well in the American context. They are fast, accurate and can be hand-counted in case of a technical problem or dispute. But American elections do not use the preferential voting system. </p>
<p>Designing a system and educating Australians to use this kind of ballot for preferential votes would present a significant challenge and would probably result in a high informal vote.</p>
<p>In any case, expert opinion is clear – no voting system that relies on electronics to record votes, including systems that produce some kind of human-readable audit trail, has any substantial advantages over paper and pencil (or, perhaps indelible pen).</p>
<p>Even the inventor of the “voter-verified paper audit trail”, Dr Rebecca Mercuri, has <a href="http://www.notablesoftware.com/RMstatement.html">concluded</a> that such systems are inferior to paper ballots marked by the voter.</p><img src="https://counter.theconversation.com/content/62171/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Robert Merkel has donated to and volunteered for the Australian Greens.</span></em></p>There’s something about seeing the ballot process take place – the vote, the count – that inspires confidence. That wouldn’t be the same with any electronic voting system.Robert Merkel, Lecturer in Software Engineering, Monash UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/577382016-06-23T01:04:13Z2016-06-23T01:04:13ZElection explainer: why can’t Australians vote online?<p>In 2015, more than 280,000 votes were received in the New South Wales election from a personal computer or mobile phone. This was the largest-ever binding election to use online voting.</p>
<p>But federally, the Joint Standing Committee on Electoral Matters has ruled out allowing Australians to cast their vote online, <a href="http://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Electoral_Matters/2013_General_Election/Second_Interim_Report/Preliminary_pages">arguing</a> it risks “catastrophically compromising our electoral integrity”.</p>
<p>Despite years of research, nobody knows how to provide evidence of an accurate result while keeping individual online votes private. </p>
<p>Internet voting is similar to online banking, except you’re not sent a receipt saying “this is how you voted” because then you could be coerced or bribed. Your vote should be private, even from the electoral commission.</p>
<p>There are three reasons why Australia shouldn’t move to an online voting system:</p>
<ul>
<li><p>the system might not be secure;</p></li>
<li><p>the code might not be correct; and, most importantly,</p></li>
<li><p>if something goes wrong, we might never know.</p></li>
</ul>
<h2>The system might not be secure</h2>
<p>Computer security researcher <a href="https://jhalderm.com/">Alex Halderman</a> and I (Vanessa) found a <a href="http://arxiv.org/abs/1504.05646">serious security vulnerability</a> in the NSW iVote system during March 2015 election. This was caused by some code imported into the secure voting session from an insecure third-party server. It meant an internet-based attacker could have exposed e-votes, changed them, and circumvented iVote’s verification process. </p>
<hr>
<p><em><strong>Read more:</strong></em> <a href="https://theconversation.com/thousands-of-nsw-election-online-votes-open-to-tampering-39164">Thousands of NSW election online votes open to tampering</a></p>
<hr>
<p>The vulnerability was repaired, but by that stage, 66,000 votes were cast. Just 3,000 votes determined the result of a disputed seat in the Legislative Council.
There is no evidence that the security hole was exploited, but also no evidence that it was not. </p>
<p>Some iVote returns differed notably from those cast by more secure channels. The ALP received about 30% of the votes on paper in the Legislative Council, for instance, but only 25% via iVote. The NSW Electoral Commission (NSWEC) blamed these differences on a <a href="http://www.elections.nsw.gov.au/about_us/plans_and_reports/ivote_reports/response_from_the_nsw_electoral_commission_to_ivote_group_bias.pdf">user interface design problem</a>, but it might also have been a software error or a security breach.</p>
<h2>The code might not be correct</h2>
<p>The main use of computers in Australian elections is for counting complicated elections like the Senate and the upper houses of state parliaments. We’ve had the opportunity to inspect some of the code and some of the data. We’ve also found some bugs – which is a good thing, because then they can be fixed.</p>
<p>The vote-counting code used in the ACT is <a href="http://www.elections.act.gov.au/">available for scrutiny</a>. The Logic and Computation Group at the ANU <a href="http://users.cecs.anu.edu.au/%7Erpg/EVoting/evote_revacs.html">analysed the code in 2001, 2005 and 2012</a> and found three bugs. Luckily they could be corrected before they affected an election.</p>
<p>This wasn’t the case in the 2012 local government elections in Griffith, NSW. Last week, with Andrew Conway and others, <a href="http://electionwatch.unimelb.edu.au/articles/software-can-affect-election-results">we identified a software error</a>
leading to a <a href="http://www.elections.nsw.gov.au/__data/assets/pdf_file/0008/218681/PRCC_statement.pdf">mistake in the 2012 results</a> computed by the NSW Electoral Commission. The software error incorrectly distributed preferences, which meant candidate Rina Mercuri lost a spot on the Griffith council. Without the error, she would have won with a probability of about 91%. </p>
<p>The Australian Electoral Commission very recently <a href="https://www.tenders.gov.au/?event=public.advancedsearch.keyword&keyword=Scytl">purchased a new “Senate counting solution”</a>
from the same vendor that made iVote. But the code is unavailable to Australian public scrutiny, despite a <a href="http://www.austlii.edu.au/au/cases/cth/AATA/2015/956.html">Freedom of Information request</a>
and a Senate motion <a href="http://lee-rhiannon.greensmps.org.au/content/news-stories/update-public-release-secret-senate-voting-system">ordering the commission to publish it</a>. The code should be made public, and the paper ballots should be available for auditing. </p>
<p>We’d expect a similar rate of error for internet voting code as counting code, but iVote’s code is not available for review. More importantly, there’s no simple way for an outsider to double-check the process. </p>
<h2>If something goes wrong, we might never know</h2>
<p>With no official account of the iVote run, and no public independent report, we cannot tell whether votes were changed or lost in the 2015 NSW election.</p>
<p>iVote had a limited verification mechanism: voters could ring a
special service, enter their receipt number and have their vote read back to them.</p>
<p>An attacker who changed the vote could change the receipt number too, so the voter couldn’t retrieve any vote from the verification service. But the same would happen if voters simply forgot their receipt numbers, or if votes were accidentally lost due to a software bug.</p>
<p>The NSWEC’s <a href="http://www.elections.nsw.gov.au/about_us/plans_and_reports/ivote_reports/response_from_the_nsw_electoral_commission_to_ivote_security_allegations">online response to our analysis</a> claims: </p>
<blockquote>
<p>Some 1.7% of electors who voted using iVote® also used the verification service and none identified any anomalies with their vote.</p>
</blockquote>
<p>But there must have been people who telephoned the verification service, but couldn’t retrieve any vote at all. The real question is: of those who tried to verify, what fraction failed?</p>
<h2>How electronic voting <em>can</em> work: in a polling place</h2>
<p>Secure electronic voting is possible – in a polling place. One simple method to check the accuracy of the process is to print a plain paper ballot that a voter can read and check.</p>
<p>Another method is an “end-to-end verifiable” election system. We worked with the <a href="https://www.vec.vic.gov.au/Voting/ElectronicVoting.html">Victorian Electoral Commission</a> to develop the the first such system to run at a state level anywhere in the world. </p>
<p>Under this system, voters cast their votes at polling places using a computer. The system provided evidence to each voter that their vote was recorded as they intended and properly included in the count. It also provided evidence to scrutineers that all the votes were properly processed, without revealing individual votes. </p>
<p>The processes allowed votes to be returned electronically from London with evidence that they were correct, rather than shipping the ballot papers.</p>
<p>Why was it restricted to a polling place? Partly because large-scale voter coercion and identity fraud are harder. Most importantly, because voters can get help to follow the complicated verification process.</p>
<h2>Lessons learnt</h2>
<p>Election commissions must produce verifiable evidence that the winning candidates were chosen fairly, based on reliable and secure vote-casting and correct vote-counting.</p>
<p>The lesson from the bugs in the ACT and NSWEC vote-counting code is clear: make the computer code available for public inspection so that we can scrutinise it for errors before the election.</p>
<p>Receiving votes from the internet is the easy part. Proving that you got the right result, while keeping votes private, is an unsolved problem.</p>
<hr>
<p><em>This article was co-published with <a href="http://electionwatch.unimelb.edu.au/categories/policies">Election Watch</a>.</em></p><img src="https://counter.theconversation.com/content/57738/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Vanessa Teague receives funding from the Australian Research Council and The University of Melbourne.
She is an advisory board member of Verified Voting (<a href="http://www.verifiedvoting.org/">http://www.verifiedvoting.org/</a>), which advocates for legislation and regulation that promotes accuracy, transparency and verifiability of elections </span></em></p><p class="fine-print"><em><span>Chris Culnane receives funding from the Australian Research Council, and has previously received funding from The Engineering and Physical Sciences Research Council (UK), The University of Surrey, The Higher Education Funding Council England, and InnovateUK. He was the Technical Lead for the University of Surrey on the vVote project, which designed, developed, and ran an open source end-to-end verifiable election system in the State of Victoria, Australia. Whilst at the University of Surrey he was part of the ICURe Innovation-to-Commercialisation programme that lead to the starting of Coasca Limited, but has no ongoing financial interest. </span></em></p><p class="fine-print"><em><span>Rajeev Gore receives funding from the Australian Research Council, the Australian National University, and
the German-Australian Research Collaboration Scheme.</span></em></p>Despite years of research, nobody knows how to provide evidence of an accurate result while keeping individual e-votes private.Vanessa Teague, Senior Lecturer in the Department of Computing and Information Systems, The University of MelbourneChris Culnane, Research Fellow, The University of MelbourneRajeev Gore, Professor, ANU College of Engineering and Computer Science, Australian National UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/545232016-04-04T09:52:44Z2016-04-04T09:52:44ZAging voting machines threaten election integrity<p>Imagine you went to your basement and dusted off the laptop or mobile phone that you used in 2002. What would happen if you tried to turn it on? We don’t have to guess. Around the country this election year, people are going into storage, pulling out computers that date back to 2002 and asking us to vote on them.</p>
<p>Following an <a href="http://content.time.com/time/nation/article/0,8599,167906,00.html">election meltdown</a> of epic proportions in 2000, the federal government provided more than US$2 billion to update the nation’s voting infrastructure. More than a decade later, these voting machines are approaching the end of their expected lifespans. Experts estimate that a reasonable lifespan for electronic voting machines (which are computers, running mainly on laptop technology developed in the 1990s) is in the 10- to 15-year range.</p>
<p>To determine the state of voting machines across the country, we interviewed more than 100 election administrators in all 50 states. We also consulted scores of public records, spoke with independent technology experts and analyzed data collected by the Verified Voting Foundation. Based on this research, we project that in November <a href="https://www.brennancenter.org/publication/americas-voting-machines-risk">43 states</a> will use voting machines that are at least a decade old. </p>
<p>That’s a problem for three big reasons.</p>
<h2>Breakdowns lead to lines, and lost votes</h2>
<p>First, while no one thinks all the voting machines are going to break down simultaneously, using aging voting equipment on Election Day increases the likelihood of breakdowns. In fact, one New Mexico election official told us that before replacing her machines in 2014, as many as one in three needed to be taken out of service. </p>
<p>We saw the consequences in 2012. People <a href="http://www.csmonitor.com/USA/Elections/2012/1107/Voting-machine-glitches-How-bad-was-it-on-Election-Day-around-the-country">waited in line for hours</a>, which prevented <a href="http://vote.caltech.edu/content/waiting-line-vote">between 500,000 and 700,000 people</a> from casting a ballot. Voting machine problems this November could lead to more long waits and lost votes: in March, we saw <a href="http://www.nytimes.com/2016/03/25/us/angry-arizona-voters-demand-why-such-long-lines-at-polling-sites.html?ref=politics">thousands of voters in Arizona</a> wait in line for hours.</p>
<p>Equally troubling is that aging machines can be difficult to maintain. In <a href="http://www.citylab.com/design/2015/09/mapping-the-nations-failing-voting-machines/405724/">more than 40 states</a>, jurisdictions use voting machines that are no longer manufactured. As these machines get older, <a href="http://www.wired.com/2015/09/dismal-state-americas-decade-old-voting-machines/">parts become scarcer</a> and election officials are increasingly forced to hoard rare parts needed to keep their equipment running. Neal Kelley, registrar in Orange County, California – the sixth-largest jurisdiction in the country – told us that he relies on a “back stock” of spare parts to keep his machines running. At some point, the inability to find replacement parts will mean more voters sharing fewer working machines.</p>
<p>Finally, there are security risks. Many older voting systems rely on outdated operating systems, like Windows XP and 2000, which are <a href="https://www.microsoft.com/en-us/WindowsForBusiness/end-of-xp-support">no longer supported</a>. Several election officials told us that they stockpile refurbished laptops that can run obsolete versions of Windows. Sherry Poland, director of elections in Hamilton County, Ohio, told us that she “stockpiled older PCs that will run Windows XP.” Other experts, like Merle King in Georgia, told us that his state hired a contractor to build custom hardware that will work with Windows 2000. <a href="http://www.infosecurity-magazine.com/news/microsoft-sir-report-highlights-risks-of/">Unsupported software is riskier</a> from a security perspective, since it does not receive regular security updates and is vulnerable to new methods of attack.</p>
<h2>An enormous price tag</h2>
<figure class="align-left zoomable">
<a href="https://images.theconversation.com/files/115913/original/image-20160321-30921-1xpega1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/115913/original/image-20160321-30921-1xpega1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/115913/original/image-20160321-30921-1xpega1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=450&fit=crop&dpr=1 600w, https://images.theconversation.com/files/115913/original/image-20160321-30921-1xpega1.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=450&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/115913/original/image-20160321-30921-1xpega1.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=450&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/115913/original/image-20160321-30921-1xpega1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=566&fit=crop&dpr=1 754w, https://images.theconversation.com/files/115913/original/image-20160321-30921-1xpega1.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=566&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/115913/original/image-20160321-30921-1xpega1.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=566&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">A WinVote machine.</span>
<span class="attribution"><a class="source" href="https://www.flickr.com/photos/robpegoraro/20339783219/">Rob Pegoraro/flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span>
</figcaption>
</figure>
<p>These anecdotes translate into real problems at polling places. The Virginia Department of Elections conducted a <a href="http://elections.virginia.gov/webdocs/VotingEquipReport/">review</a> after machines crashed during the 2014 election. Investigators easily hacked into several WinVote machines, which used decade-old Wi-Fi encryption standards, exposing serious security vulnerabilities. As a result of these findings, the <a href="http://www.richmond.com/news/virginia/government-politics/article_59c95e70-acdc-55ea-b8c3-50f83d147b65.html">Elections Board decertified the machine</a>, forcing 30 jurisdictions to replace their equipment, <a href="http://www.richmond.com/news/virginia/government-politics/article_9db0ed36-e4d6-52a8-84cb-b6bb5b1d9344.html">costing taxpayers millions</a>.</p>
<p>While most business offices upgrade their systems and update computers every few years, critical computing infrastructure for elections is treated differently. We do not expect our laptops or our desktops to last a decade – and this is the kind of technology that voting machines use. The easy answer is to replace the machines, but in much of the country, that is not happening.</p>
<p>Many election officials who believe they need new machines do not have sufficient funding. We identified jurisdictions in 31 states that will need new machines in the next few years. Election officials in 22 of those states told us they do not know how they will pay for them. </p>
<p>According to our estimates, the cost of new machines could exceed $1 billion. It is unlikely that the federal government will provide <a href="https://www.supportthevoter.gov/">another infusion of billions of dollars</a> to pay for new voting equipment. Despite hundreds of millions of dollars <a href="http://www.ned.org/">flowing abroad</a> to strengthen democratic institutions in other countries, <a href="http://www.ncsl.org/Documents/Elections/The_Canvass_NovemberDecember_2015_64.pdf">little to nothing</a> is provided for elections at home. </p>
<h2>Making systems more nimble for the future</h2>
<p>State and local policymakers have not had to pay for voting machines in the past because of federal funding for updated voting equipment in the wake of the <a href="http://www.eac.gov/about_the_eac/help_america_vote_act.aspx">2000 election debacle</a>. Faced with a new demand amid many competing budget priorities, they have been slow to respond to this important need.</p>
<p>While some states and counties will provide funding for new machines, others will not. Disparities in funding between and within states has the potential to create a two-tiered election system, where poorer (and often rural) counties are forced to use aging voting equipment far longer than they should, while wealthier jurisdictions can afford to replace their hardware.</p>
<p>In late 2014, Virginia Governor Terry McAuliffe proposed that the state invest $28 million in new voting equipment. Ultimately, Virginia legislators stripped the funding for voting equipment from the budget and the cost for new machines was left to localities. Virginia’s commissioner of elections, Edgardo Cortes, told us that that only some Virginia election jurisdictions can afford new machines: “Loudon and Fairfax counties – two of the largest and wealthiest counties in the state – have bought new equipment. Smaller, poorer and more rural counties around the state are going to have a tough time.”</p>
<p>Despite the challenges posed by the widespread aging out of voting machines, there is hope for the future. </p>
<p>Our report highlights advances in technology that could make voting systems more affordable and flexible over time. In <a href="http://www.citylab.com/cityfixer/2015/08/what-cities-are-doing-to-make-voting-not-suck/400637/">places like Los Angeles</a> and <a href="https://www.texastribune.org/2014/07/09/travis-county-forges-new-territory-voting-machines/">Travis County, Texas</a> (where Austin is located), election officials are looking at using open source software and commercial off-the-shelf hardware to make systems that are more agile – making it possible to replace parts here and there, instead of replacing an entire voting system at the first signs of degradation. </p>
<p>While such advances will help us in future years, they will not resolve today’s crisis. There is no escaping the immediate need to plan and set aside sufficient funds to buy new machines.</p><img src="https://counter.theconversation.com/content/54523/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Christopher Famighetti is affiliated with the Brennan Center for Justice.</span></em></p><p class="fine-print"><em><span>Lawrence Norden does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Decade-old computer equipment underpins the country’s most important civic process. What happens when it breaks down?Lawrence Norden, Deputy Director, Democracy Program, Brennan Center for Justice, New York UniversityChristopher Famighetti, Voting Rights Researcher, Democracy Project, Brennan Center for Justice, New York UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/412772015-05-14T05:08:06Z2015-05-14T05:08:06ZOnline voting is convenient, but if the results aren’t verifiable it’s not worth the risk<figure><img src="https://images.theconversation.com/files/81280/original/image-20150511-19528-svxcdh.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Vote early, vote often - but if it's not secure people won't vote at all.</span> <span class="attribution"><span class="source">vote by Feng Yu/shutterstock.com</span></span></figcaption></figure><p>In one of the most fiercely contested elections in years, the turnout of the 2015 British general election was still <a href="http://www.ukpolitical.info/Turnout45.htm">stubbornly low at 66.1%</a> – only a single percentage point more than in 2010, and still around 10 points lower than the ranges common before the 1990s. </p>
<p>There has been all manner of hand-wringing about how to improve voter engagement and turnout. Considering the huge range of things we now do online, why not voting too? A <a href="http://www.democraticaudit.com/?p=1499">Lodestone political survey</a> suggested that 60% of respondents said they would vote if they could do so online, and this rose to around 80% among those aged 18-35. As recently as this year, the speaker of the House of Commons called for a <a href="http://www.bbc.co.uk/news/uk-politics-30976610">secure online voting system by 2020</a>.</p>
<p>But designing a secure way to vote online is hard. An electronic voting system has to be transparent enough that the declared outcome is fully verifiable, yet still protect the anonymity of the secret ballot in order to prevent the possibility of voter coercion. </p>
<h2>End-to-end verifiability</h2>
<p>Any online voting system has to arrive at its conclusion in such a way that voters and observers can verify the count, independently of the software used – this is called end-to-end verifiability. This way voters can be assured that their votes were recorded as they were cast, and that all cast votes were counted correctly.</p>
<p>The vital nature of this can be explained by analogy to online banking. Bank customers can verify their own bank statements – and need not care about the software that produced them. But what if the banks provided no evidence of your transactions, just your remaining balance – how could you verify that the bank wasn’t cheating you?</p>
<p>The difficulty in respect of online voting is that how each voter cast their vote must be kept secret – we can’t just have a huge banking-like “statement” recording who voted which way. Instead, all the votes cast are gathered together and presented on a website in encrypted form, in order to ensure ballot secrecy. </p>
<p>The challenge is to design a way of using encryption that allows an independently-verifiable tallying of individual votes, without removing the secrecy it affords the ballots. Methods have been invented that allow the voting server to generate cryptographically-sound proofs that its count is correct. This means voters, observers and media organisations can perform the necessary checks to establish that the declared outcome really does match the votes cast in the elections.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/81278/original/image-20150511-4460-zg4fph.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/81278/original/image-20150511-4460-zg4fph.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=581&fit=crop&dpr=1 600w, https://images.theconversation.com/files/81278/original/image-20150511-4460-zg4fph.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=581&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/81278/original/image-20150511-4460-zg4fph.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=581&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/81278/original/image-20150511-4460-zg4fph.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=730&fit=crop&dpr=1 754w, https://images.theconversation.com/files/81278/original/image-20150511-4460-zg4fph.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=730&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/81278/original/image-20150511-4460-zg4fph.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=730&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Paper ballots have worked well for centuries - any new methods must be at least as good.</span>
<span class="attribution"><a class="source" href="http://commons.wikimedia.org/wiki/File:Voting_at_Dutch_elections_1918.jpg">Cornelis Johan Hofker</a></span>
</figcaption>
</figure>
<h2>Electronic voting in the real world</h2>
<p>Online voting has been carried out eight times in Estonia, first in a local election in 2005 and, most recently, for its parliamentary elections in 2015. However the system Estonia uses <a href="https://estoniaevoting.org/findings/summary/">does not support end-to-end verifiability</a>. The tallying done by the server could be easily rigged, for example if someone has attacked the server with malware. </p>
<p>Norway also ran a <a href="http://www.zdnet.com/article/vote-early-vote-often-inside-norways-pioneering-open-source-e-voting-trials/">trial of internet voting</a> during local elections in 2011. The Norwegian system didn’t support end-to-end verifiability either – and in fact Norway has ended the project amid concern it could damage confidence in the electoral process. Nor has online voting in either country <a href="http://www.democraticaudit.com/?p=1499">boosted voter turnout</a>. There are benefits to electronic voting – verifiability, lower cost, speed – but on the real world evidence so far boosting turnout isn’t one of them.</p>
<p>We have recently seen researchers show how various attacks on existing electronic voting system are possible. Examples include iVote online voting system used in <a href="https://theconversation.com/thousands-of-nsw-election-online-votes-open-to-tampering-39164">NSW elections in Australia</a> or <a href="http://www.theguardian.com/us-news/2015/apr/15/virginia-hacking-voting-machines-security">AVS WinVote</a> machines used in three presidential elections in Virginia in the US. These attacks can affect the outcome of the election in an undetectable way, as there is no way for observers to verify independently the outcome of the election.</p>
<p>A system called <a href="http://www.scantegrity.org">Scantegrity</a> was used in Takoma Park city municipal elections in the US in 2009, and vVote (an adaptation of the <a href="http://www.pretavoter.com/">Prêt à Voter system</a>) was recently used in <a href="http://www.vec.vic.gov.au/Voting/ElectronicVoting.html">Australian state of Victoria elections</a>. These systems include mechanisms for end-to-end verifiability and so provide high assurance in the election results. But they are designed to be used in polling stations only, and so defeat the main perceived advantage of online voting by removing voters’ ability to vote from anywhere.</p>
<h2>The challenge of malware</h2>
<p>Another challenge to designing verifiability in online voting is the possibility of malware infection of voters’ computers. By some estimates between 30%-40% of all <a href="http://www.zdnet.com/article/report-48-of-22-million-scanned-computers-infected-with-malware/">home computers are infected</a>. It’s quite possible that determined attackers could produce and distribute malware specifically designed to thwart or alter the outcome of a national election – for example undetectably changing the way a user votes and then covering its tracks by faking how the vote appears to have been cast to the voter. Whatever verifability mechanisms there are could also be thwarted by the malware.</p>
<p>One way to try to prevent this kind of attack is to make voters use several computers during the voting process. Although this is hardly convenient, the idea is to make it more difficult for an attacker to launch a co-ordinated attack across several computers at once.</p>
<p>Online voting is attractive because it promises convenience. But providing true end-to-end verifiability remains an enormous challenge. Governments and politicians should be aware of the risks, and the possible loss of confidence in the voting system if whatever system introduced is found to be flawed. Democracy is important – if voting is to be done online it must be done properly, or not at all.</p><img src="https://counter.theconversation.com/content/41277/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors receive funding from EPSRC for computer security research, including the security of online voting mechanisms.</span></em></p>Online voting could boost turnout, but a flawed system could destroy faith in the voting process.Mark D. Ryan, Professor of Computer Security, University of BirminghamGurchetan S. Grewal, PhD student in Computer Security, University of BirminghamLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/396892015-04-08T20:06:40Z2015-04-08T20:06:40ZEarly voting hits new highs in NSW and Australia, but is it a good idea?<figure><img src="https://images.theconversation.com/files/77287/original/image-20150408-26515-ujbvqs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">About one in four Australians are skipping the polling day queues and voting early.</span> <span class="attribution"><span class="source">Sunanda Creagh</span>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span></figcaption></figure><p>The ultimate result of the New South Wales election is still waiting on the resolution of the upper house where <a href="http://www.abc.net.au/news/nsw-election-2015/results/lc/">counting continues</a>. A <a href="http://www.theaustralian.com.au/news/mike-baird-better-off-sacrificing-seat-than-face-re-run/story-e6frg6n6-1227294795925">possible court challenge</a> could lead to a fresh upper house poll being called. That leaves the re-elected Baird government’s plans hanging in the balance.</p>
<p>Unlike the narrow Labor wins at the recent <a href="http://www.abc.net.au/news/2015-02-01/queensland-election-2015-kap-ready-to-cut-deal-with-labor/6060296">Queensland</a> and <a href="http://www.abc.net.au/radionational/programs/bushtelegraph/vic-election/5931224">Victorian</a> elections, which caught many pollsters off-guard, the comfortable NSW Liberal National victory on <a href="https://theconversation.com/nsw-voters-set-to-back-baird-but-upper-house-is-too-close-to-call-38034">March 28</a> was widely predicted. </p>
<p>But the elections did all have one thing in common: they showed that the old notion of “polling day” is increasingly outdated. Early voting is rising rapidly across Australia, including in the latest NSW election.</p>
<p>In 1995, only <a href="http://www.elections.nsw.gov.au/about_elections/electoral_statistics">4% of NSW electors</a> voted early. By the 2011 election, it was <a href="http://www.elections.nsw.gov.au/about_elections/electoral_statistics">15%</a>. The early figures indicate that could climb to <a href="http://www.smh.com.au/nsw/nsw-state-election-2015/prepoll-results-for-nsw-election-2015-electoral-commission-says-increasing-numbers-voting-before-election-day-20150331-1mb8ii.html">about 25%</a> in 2015. (That includes about 640,000 prepoll votes and 284,000 online votes via the iVote system, while the final number of postal votes is still to be confirmed.)</p>
<p>According to the company operating iVote at this election, <a href="http://www.scytl.com/en/">Scytl</a>, NSW <a href="http://www.scytl.com/en/news/new-south-wales-leads-the-way-in-internet-voting-and-edemocracy-innovation/">set a record</a> for the most online votes in any government election worldwide, beating the previous record of more than 240,000 online votes set by <a href="http://www.parliament.uk/documents/speaker/digital-democracy/FR_Successcase.pdf">France</a>, as well as recent online votes in <a href="https://theconversation.com/thousands-of-nsw-election-online-votes-open-to-tampering-39164">Estonia and Norway</a>. It also represented a sixfold increase from the <a href="http://www.elections.nsw.gov.au/__data/assets/pdf_file/0006/96297/SGE_2010-2011_Amended.pdf">46,864 iVotes</a> at the 2011 NSW election. That’s entirely in line with Australians being early adopters of technology, such as <a href="http://landing.deloitte.com.au/rs/deloitteaus/images/Deloitte_Mobile_Consumer_Survey_2014.pdf">smartphones</a>.</p>
<p>Overall, the high early vote in NSW mirrors a trend seen <a href="https://theconversation.com/why-more-and-more-australians-are-voting-before-election-day-37159">in other state</a> and federal elections. For instance, at the 2013 federal election, more than 26% of voters voted early. That was more than double the rate of a decade earlier.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/76850/original/image-20150402-31287-1ko0v8z.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/76850/original/image-20150402-31287-1ko0v8z.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/76850/original/image-20150402-31287-1ko0v8z.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=302&fit=crop&dpr=1 600w, https://images.theconversation.com/files/76850/original/image-20150402-31287-1ko0v8z.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=302&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/76850/original/image-20150402-31287-1ko0v8z.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=302&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/76850/original/image-20150402-31287-1ko0v8z.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=380&fit=crop&dpr=1 754w, https://images.theconversation.com/files/76850/original/image-20150402-31287-1ko0v8z.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=380&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/76850/original/image-20150402-31287-1ko0v8z.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=380&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Early voting in Australian federal elections.</span>
<span class="attribution"><a class="source" href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2440075">Australian Electoral Commission, 2014</a></span>
</figcaption>
</figure>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/76849/original/image-20150402-31312-ae42vl.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/76849/original/image-20150402-31312-ae42vl.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/76849/original/image-20150402-31312-ae42vl.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=70&fit=crop&dpr=1 600w, https://images.theconversation.com/files/76849/original/image-20150402-31312-ae42vl.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=70&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/76849/original/image-20150402-31312-ae42vl.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=70&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/76849/original/image-20150402-31312-ae42vl.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=89&fit=crop&dpr=1 754w, https://images.theconversation.com/files/76849/original/image-20150402-31312-ae42vl.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=89&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/76849/original/image-20150402-31312-ae42vl.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=89&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Australian Electoral Commission.</span>
<span class="attribution"><a class="source" href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2440075">Early Voting in Australian Federal Elections: Causes and Consequences, 2014</a></span>
</figcaption>
</figure>
<p>But is it good for democracy to have so many people voting before polling day? And how are Australia’s political parties likely to change their campaign strategies to woo early voters?</p>
<h2>Electoral commissions offering more options</h2>
<p>Australian election commissions like to be thought of as custodians of their electoral system and tend to see themselves as the most <a href="http://www.aph.gov.au/senate/%7E/%7E/link.aspx?_id=AE1A1EC4416D423A94F9BFAB52215FD2&_z=z">independent parts of the public service</a>. With a limited role in policing candidates’ political behaviour (with the exception of South Australia, where the commission <a href="http://www.eca.gov.au/systems/australia/by_area/sa.htm">regulates truth in political advertising</a>), their focus is on protecting the integrity of the electoral administrative process and expanding participation.</p>
<p>While the former is most visible in the <a href="http://www.abc.net.au/news/wa-senate-2014/">breach rather than the observance</a>, the latter is seen in voter awareness campaigns, personalised reminder services, electoral reminder mail, easier voter enrolment (such as <a href="http://www.elections.nsw.gov.au/enrol_to_vote/smartroll">automatic enrolment in NSW</a>) and an increased range of options for early voting.</p>
<p>In NSW, those options include pre-poll voting at physical voting locations, postal ballots and the predominantly online <a href="http://www.elections.nsw.gov.au/voting/ivote">iVote</a> electronic voting system.</p>
<p>iVote is not without its <a href="https://theconversation.com/nsws-online-gamble-why-internet-and-phone-voting-is-too-risky-37465">critics</a> – and in this election a <a href="http://www.smh.com.au/nsw/nsw-state-election-2015/nsw-election-2015-19000-electronic-votes-considered-valid-despite-error-on-ballot-paper-20150318-1m21pi.html">human error</a> meant 19,000 votes were cast online while two minor parties (the Outdoor Recreation Party and the Animal Justice Party) were not listed above the line on the upper house ballot paper. The Animal Justice Party is still in the race against the Coalition for the final upper house seat. If it narrowly misses out, there is a strong chance of a <a href="http://www.theaustralian.com.au/news/mike-baird-better-off-sacrificing-seat-than-face-re-run/story-e6frg6n6-1227294795925">legal challenge</a>.</p>
<p>But even amid widespread media coverage of that error and other <a href="http://www.abc.net.au/worldtoday/content/2015/s4202723.htm">potential security concerns</a>, the popularity of online voting in this election beat even the state electoral commission’s <a href="http://www.cio.com.au/article/545546/nsw_electoral_commission_cio_says_ivote_system_will_ensure_counting_accuracy/">forecasts</a> of 200,000 to 250,000 iVotes.</p>
<h2>Convenience vs cohesion: the pros and cons of early voting</h2>
<p>It is generally agreed why electors vote early: <a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2440075">convenience</a>. Rather than lining up on a Saturday, what many people see as a chore can now be completed at leisure. </p>
<p>Swinburne’s <a href="https://theconversation.com/why-more-and-more-australians-are-voting-before-election-day-37159">Nathan Reader</a> has previously pointed out that that this matches a changing tempo of life: more Australians work on weekends, are busier than ever before and are less tolerant of what they perceive as inflexible compliance with government.</p>
<p>So the real question is whether the early voting trend in Australia is significant, or just another part of the larger change that has come with the rise of the convenience economy.</p>
<p>The most prevalent argument against early voting is that it undermines the “function” of elections: that in a representative democracy, citizens who are largely absent from the day-to-day governmental process should stop once every few years and have a good, hard think before voting.</p>
<p>This is a “republican” (as in Rome) model of citizenship that places emphasis on the individuals adherence to the civic duties to be <a href="http://www.politico.com/magazine/story/2014/01/early-voting-the-case-against-102748.html#.VSHPZOThlC0">engaged, informed and participative</a>. In this context, then, elections should be “focusing events” filled with information-rich political discourse: from candidates to electors in the form of policy ideas; from electors to candidates in the form of questions; and between electors, debating the key issues. </p>
<p>This allows citizens to make informed decisions they can feel committed to. It also gives governments legitimacy for their programs and allows political elites to accurately gauge popular opinion.</p>
<p>The idea is that the contest of ideas runs right runs up to polling day. And the electronic media blackout just before the poll gives us all time to retire to our homes unmolested to reflect, weigh up what policies matter most to us and consider all the pros and cons, opportunity costs, risks and trade-offs.</p>
<p>There is another argument against early voting: that it undermines an important <a href="http://scholar.harvard.edu/dft/publications/electoral-simultaneity-expressing-equal-respect">social cohesion process</a>, emphasising collectivity and equality, which is the point of having elections in the first place. Some people feel that by removing the “gathering together” aspect of elections, pre-poll, postal and online voting also undermine a key civil ritual.</p>
<p>These perspectives do have merit, but they overstate the significance of elections. Indeed, these views make elections synonymous with democracy itself: a formalistic view of a complex concept. Elections can be important civic rituals, but they can also be ritualistic. Elections are often not competitive, but simply serve to re-endorse an existing government. </p>
<h2>The battle for swinging voters</h2>
<p>Concerns that early voting will significantly change exactly “when” people make a vote decision also appears unfounded. As the figure below shows – drawing from <a href="http://aes.anu.edu.au/">Australian Electoral Study</a> data – the majority of Australian voters have already made a decision on how to vote before a federal election is called.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/77079/original/image-20150406-26481-7irnu2.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/77079/original/image-20150406-26481-7irnu2.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/77079/original/image-20150406-26481-7irnu2.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=399&fit=crop&dpr=1 600w, https://images.theconversation.com/files/77079/original/image-20150406-26481-7irnu2.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=399&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/77079/original/image-20150406-26481-7irnu2.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=399&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/77079/original/image-20150406-26481-7irnu2.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=502&fit=crop&dpr=1 754w, https://images.theconversation.com/files/77079/original/image-20150406-26481-7irnu2.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=502&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/77079/original/image-20150406-26481-7irnu2.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=502&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Drawn using data from the 2013 Australian Electoral Study.</span>
<span class="attribution"><a class="source" href="http://aes.anu.edu.au">aes.anu.edu.au</a>, <span class="license">Author provided</span></span>
</figcaption>
</figure>
<p>Swinging voters who decide how to vote late in the campaign are often disparaged as uninformed, “soft” and <a href="http://www.abc.net.au/news/2013-09-11/throsby-swinging-voters/4950200">under-engaged</a>. </p>
<p>Whether that is true or not, our political parties have tended to respond as if it is. Electoral messages are simplistic and put on high rotation, following a model of audiences that assumes low levels of attention, interest, recall and cognitive processing. The rise of early voting in Australia does not appear to have significantly changed this jaundiced view of the public.</p>
<p>However, one way that increased early voting is changing elections campaigns is that parties know that electors may “defect” from the campaign and vote early. </p>
<p>Traditional election campaigns have four distinct time periods: frame (the campaign); defame (the opponent); explain (the policy); and acclaim (move to a positive commitment decision close to polling day).</p>
<p>The increased availability of early voting options will mean there is a stronger incentive for parties to “win” the political communication game in each day of the campaign.</p>
<p>Early voting options also means that campaign communications will try to be more persuasive: don’t just vote for me, but vote for me <em>right now</em>. Opposition parties will need to have higher visibility between elections, so will need to campaign rather than attempt small-target strategies. Governments, as always, will need to perform because elections are theirs to lose, not to win.</p><img src="https://counter.theconversation.com/content/39689/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Peter John Chen is a bad republican citizen and has voted early.</span></em></p>More than 280,000 votes were cast online at the NSW election, which has been claimed as a new world record. The state’s early vote also looks set to hit a new high, mirroring a trend across Australia.Peter John Chen, Senior Lecturer, Department of Government and International Relations, University of SydneyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/391642015-03-22T19:17:35Z2015-03-22T19:17:35ZThousands of NSW election online votes open to tampering<figure><img src="https://images.theconversation.com/files/76115/original/image-20150326-8716-1igpufe.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Security experts discovered that the iVote practice server was vulnerable to tampering; after checking that the same weakness affected the real voting server, they alerted the authorities.</span> <span class="attribution"><span class="source">Vanessa Teague and Alex Halderman</span>, <span class="license">Author provided</span></span></figcaption></figure><p><em>UPDATED 3:20PM AEDT: The NSW Electoral Commission has now <a href="http://www.abc.net.au/news/2015-03-23/ivote-security-hack-allowed-change-of-vote-security-expert-says/6340168">publicly commented</a> on the security flaw uncovered by Dr Vanessa Teague and J. Professor Alex Halderman. But as the authors explain below, “we are concerned that the NSW Electoral Commission does not seem to understand the serious implications of this attack”. Read the rest of their response at the end of this article.</em></p>
<hr>
<p>If you’re one of the 66,000 people from New South Wales who voted in the state election using iVote between Monday March 16 and midday on Saturday March 21, your vote could have been exposed or changed without you knowing. </p>
<p>How do we know that? Because we uncovered a security flaw in the popular <a href="http://www.ivote.nsw.gov.au/">iVote</a> system that would have let us do exactly that, if we’d chosen to. That’s despite <a href="http://www.abc.net.au/news/2015-02-04/computer-voting-may-feature-in-march-nsw-election/6068290">repeated assurances</a> from the New South Wales Electoral Commission that:</p>
<blockquote>
<p>People’s vote is completely secret. It’s fully encrypted and safeguarded, it can’t be tampered with</p>
</blockquote>
<p>As we’ve been able to show, that’s not true. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/75571/original/image-20150322-14627-1p3f6v4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/75571/original/image-20150322-14627-1p3f6v4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/75571/original/image-20150322-14627-1p3f6v4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=439&fit=crop&dpr=1 600w, https://images.theconversation.com/files/75571/original/image-20150322-14627-1p3f6v4.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=439&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/75571/original/image-20150322-14627-1p3f6v4.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=439&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/75571/original/image-20150322-14627-1p3f6v4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=552&fit=crop&dpr=1 754w, https://images.theconversation.com/files/75571/original/image-20150322-14627-1p3f6v4.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=552&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/75571/original/image-20150322-14627-1p3f6v4.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=552&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">A screenshot demonstrating how a security flaw could have allowed two online security experts to intercept and change votes using the NSW iVote system.</span>
<span class="attribution"><span class="source">Vanessa Teague and Alex Halderman</span>, <span class="license">Author provided</span></span>
</figcaption>
</figure>
<p>We should stress that rather than do anything illegal or disrupt the <a href="http://www.votensw.info/">March 28 state election</a> result, we tested this security weakness only on our own practice vote at the iVote practice server. After checking that the same weakness affected the real voting server, we alerted the authorities late last week. We also waited until we could see the problem had been fixed before talking publicly about it.</p>
<h2>Less than a week to expose iVote’s vulnerability</h2>
<p>The problem we found was that the voting server had loaded some code from a third-party site vulnerable to the FREAK attack, a major security flaw that left Apple and Google devices vulnerable to hacking (you can read a recent Washington Post article <a href="http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/03/freak-flaw-undermines-security-for-apple-and-google-users-researchers-discover/">explaining the FREAK flaw</a>).</p>
<p>How did that global security problem affect iVote? For a longer, more technical explanation of what we did and found, <a href="https://freedom-to-tinker.com/blog/teaguehalderman/ivote-vulnerability/">read more here</a>.</p>
<p>The shorter version is that with less than a week of concerted effort, the two of us discovered that the FREAK flaw allowed us – or potentially anyone with the right technical knowledge – to intercept a NSW voter’s internet traffic, and insert different code into vulnerable web browsers. Many, but not all, browsers have been appropriately patched over the last week – <a href="https://freakattack.com/">this site</a> lets you check whether yours is still vulnerable.</p>
<p>We demonstrated that we could make the voter’s web browser display what the voter wanted, but secretly send a different vote to the iVote voting server.</p>
<figure class="align-right zoomable">
<a href="https://images.theconversation.com/files/75572/original/image-20150322-14639-1es63fl.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/75572/original/image-20150322-14639-1es63fl.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/75572/original/image-20150322-14639-1es63fl.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=439&fit=crop&dpr=1 600w, https://images.theconversation.com/files/75572/original/image-20150322-14639-1es63fl.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=439&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/75572/original/image-20150322-14639-1es63fl.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=439&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/75572/original/image-20150322-14639-1es63fl.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=552&fit=crop&dpr=1 754w, https://images.theconversation.com/files/75572/original/image-20150322-14639-1es63fl.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=552&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/75572/original/image-20150322-14639-1es63fl.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=552&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Real hackers rarely leave such obvious clues – but online security experts testing the NSW iVote system used this Ned Kelly symbol.</span>
<span class="attribution"><span class="source">Vanessa Teague and Alex Halderman</span>, <span class="license">Author provided</span></span>
</figcaption>
</figure>
<p>The iVote system does include a <a href="http://www.elections.nsw.gov.au/voting/ivote/overview">vote verification process</a> for people who choose to vote online or by phone, where they can subsequently call an automated interactive phone line to double-check what vote the system holds for them. </p>
<p>However, that verification system could have errors or security vulnerabilities; we can’t tell you with any certainty either way, since there’s no publicly-available source code or system details. </p>
<p>Given the supposedly “fully encrypted and safeguarded” iVote system proved so vulnerable to attack, we certainly would not recommend people take any chances by voting online in the NSW election.</p>
<h2>The NSW online vote is globally significant</h2>
<p>The 2015 NSW election is Australia’s biggest-ever test of electronic voting, which has largely been limited to small trials in the past. The official predictions have been that <a href="http://www.governmentnews.com.au/2015/03/nsw-elections-ivote-set-for-six-fold-jump/">200,000</a> to <a href="http://www.cio.com.au/article/545546/nsw_electoral_commission_cio_says_ivote_system_will_ensure_counting_accuracy/">250,000</a> people would vote using iVote in this election.</p>
<p>And this NSW election already ranks as one of the world’s biggest online votes to date, on track to exceed the <a href="https://www.regjeringen.no/globalassets/upload/kmd/komm/rapporter/isf_internettvalg.pdf">70,090 Norwegians who voted electronically in 2013</a>, and perhaps even beat the <a href="http://news.err.ee/v/elections/953ac902-eb86-411a-92ce-ea2960c8c6d1">176,491 people who voted online in the 2015 Estonian election</a>. </p>
<p>In just its first week, even apart from our discovery things haven’t run smoothly. </p>
<p>Early voting using iVote opened at 8am on Monday March 16, and it will close at 6pm on election night, Saturday March 28.</p>
<p>On Tuesday March 17, the NSW Electoral Commission <a href="http://www.abc.net.au/news/2015-03-17/nsw-election-online-voting-suspended-due-to-ballot-paper-error/6326106">suspended voting for six hours</a> after it turned out that two minor parties had been left off the “above the line” section of the NSW upper house online ballot paper. That problem, blamed on human error, was fixed – but not before <a href="http://www.smh.com.au/nsw/nsw-state-election-2015/nsw-election-2015-19000-electronic-votes-considered-valid-despite-error-on-ballot-paper-20150318-1m21pi.html">19,000 votes</a> had already been cast.</p>
<p>Serious human errors do sometimes happen in elections, and they can affect <a href="http://www.theaustralian.com.au/national-affairs/probe-launched-into-lost-wa-senate-ballot-papers/story-fn59niix-1226750519018">paper ballots</a> too. </p>
<p>Our concern about online voting – and specifically about the NSW iVote system – is that security flaws like the one we found last week are still too <a href="http://techpresident.com/news/wegov/25066/estonia-online-voting-system-not-secure">prevalent</a> and <a href="https://theconversation.com/nsws-online-gamble-why-internet-and-phone-voting-is-too-risky-37465">predictable</a>. </p>
<h2>NSW vs Washington DC’s approach</h2>
<p>Less than a fortnight ago, one of us (Dr Teague) wrote in The Conversation about the potential <a href="https://theconversation.com/nsws-online-gamble-why-internet-and-phone-voting-is-too-risky-37465">privacy and vote tampering</a> problems with iVote. That article reflected concerns expressed in a letter to the NSW Electoral Commission in 2013. Yet the commission has never responded meaningfully to those concerns, and also chose not to <a href="http://iview.abc.net.au/programs/abc-news-nsw/NC1501H069S00#playing">publicly comment</a> on the FREAK security flaw that we exposed. </p>
<p>However, that’s not the approach taken by electoral authorities elsewhere wanting to deliver trustworthy election results.</p>
<p>For example, <a href="http://www.theglobeandmail.com/news/politics/rise-of-e-voting-is-inevitable-as-is-risk-of-hacking/article21311244/">in 2010</a>, the Washington D.C.
Board of Elections and Ethics invited a <a href="https://jhalderm.com/pub/papers/dcvoting-fc12.pdf">team of experts</a> from University of Michigan (led by Professor Halderman) to try to hack the district’s new online voting system. </p>
<p><a href="https://jhalderm.com/pub/papers/dcvoting-fc12.pdf">Within 48 hours</a>, the University of Michigan team had broken in, taken over the election server, added fictional movie and TV characters as candidates (including for mayor and the member of congress), changed every vote, and revealed almost every secret ballot. </p>
<p>The election officials didn’t realise their system had been hacked for nearly two business days. When they did, it was only because the hacking team left behind a musical “calling card”, changing the Thank You page that appeared at the end of the voting process so that it played the <a href="https://www.youtube.com/watch?v=EF--ldYIBnM">University of Michigan fight song</a>.</p>
<h2>A note for NSW voters</h2>
<p>We hope there are no more exploitable security problems in iVote and that the rest of the NSW election runs more smoothly. </p>
<p>But since we’ve had no opportunity to inspect the server side code or systems, there’s no way to be sure. When you’re working on the internet, new vulnerabilities emerge all the time.</p>
<p>That’s why, if you want to be sure your vote counts in the NSW election, we recommend you stick with an old-fashioned paper ballot.</p>
<h2>An update from the authors</h2>
<p><em>3:20PM UPDATE:</em> Since publishing this article, this issue has been widely covered in by other news outlets, including on <a href="http://www.abc.net.au/worldtoday/content/2015/s4202723.htm">ABC radio</a> and <a href="http://www.abc.net.au/news/2015-03-23/ivote-security-hack-allowed-change-of-vote-security-expert-says/6340168">online</a>.</p>
<p>The NSW Electoral Commission’s chief information officer Ian Brightwell <a href="http://www.abc.net.au/news/2015-03-23/ivote-security-hack-allowed-change-of-vote-security-expert-says/6340168">told the ABC</a> that there was a problem, but it had been fixed and the system was safe.</p>
<blockquote>
<p>We are confident however that the system is yielding the outcome that we actually initially set out to yield, and that is that the verification process is not telling us any faults are in the system.</p>
</blockquote>
<p>While we are pleased that the NSW Electoral Commission rapidly made changes to iVote in response to our findings, we are concerned that it does not seem to understand the serious implications of this attack.</p>
<p>Before the commission patched the system, the problem could be exploited under realistic and widespread conditions, and the iVote system cannot prove that this did not occur.</p>
<p>The problem was a direct consequence of faulty design in the iVote system, particularly the decision to include code from an external source. Its effect was to allow an attacker to modify votes, which shows the NSW Electoral Commission’s <a href="http://www.abc.net.au/news/2015-02-04/computer-voting-may-feature-in-march-nsw-election/6068290">past claim</a> that the vote was “fully encrypted and safeguarded [and] can’t be tampered with” to be false.</p>
<p>We had to demonstrate a breach with the practice system because breaching the actual iVote process carries a penalty of three years in gaol, according to the electoral commission’s website. Since the real system uses identical code, the real system would have been susceptible to the same attack.</p>
<p>The integrity of this NSW election now relies on iVote’s verification and auditing processes – but these provide only limited defence, at best. </p>
<p>The electoral commission’s security testing failed to expose the vulnerability we found, and may have also missed flaws in the server software, verification protocol, and auditing process. The commission has so far declined to make these critical components available for public scrutiny.</p>
<p><em>* You can listen to the <a href="http://www.abc.net.au/am/content/2015/s4202677.htm">ABC World Today program’s</a> coverage of this issue on March 23, which includes the NSW Electoral Commission response. Or read more of The Conversation’s coverage of the <a href="https://theconversation.com/au/topics/nsw-election-2015">2015 NSW election</a>.</em></p><img src="https://counter.theconversation.com/content/39164/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Dr Vanessa Teague receives funding from the Australian Research Council for work in electronic voting privacy. She is on the advisory board of Verifiedvoting.org. She worked on a voluntary basis for the Victorian Electoral Commission's electronic voting project.</span></em></p><p class="fine-print"><em><span>Prof. J. Alex Halderman receives funding from the U.S. National Science Foundation, the Alfred P. Sloan Foundation, the New America Foundation, and the University of Michigan. He serves on the advisory board of Verifiedvoting.org.</span></em></p>UPDATED 3PM: The NSW Electoral Commission has now publicly commented on the security flaw we uncovered. But we’re concerned that it does not seem to understand the serious implications of this attack.Vanessa Teague, Research Fellow in the Department of Computing and Information Systems, The University of MelbourneJ. Alex Halderman, Director, University of Michigan Center for Computer Security and Society; Morris Wellman Faculty Development Assistant Professor of Computer Science and Engineering, University of MichiganLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/374652015-03-10T19:32:47Z2015-03-10T19:32:47ZNSW’s online gamble: why internet and phone voting is too risky<p>Up to 250,000 votes are <a href="http://www.cio.com.au/article/545546/nsw_electoral_commission_cio_says_ivote_system_will_ensure_counting_accuracy/">expected</a> to be cast using the iVote electronic voting system between March 16 and the close of polls on March 28 in the <a href="https://theconversation.com/au/topics/nsw-election-2015">New South Wales election</a>. </p>
<p>That would represent a massive increase on the <a href="http://www.elections.nsw.gov.au/__data/assets/pdf_file/0006/96297/SGE_2010-2011_Amended.pdf">46,864</a> votes at the 2011 state election and could mean about 5% of the <a href="http://www.aec.gov.au/Enrolling_to_vote/Enrolment_stats/national/2013.htm">total vote</a> is cast electronically, <a href="http://www.vote.nsw.gov.au/__data/assets/pdf_file/0007/182842/SE.801_iVote_Brochure.pdf">using a telephone or via the internet</a>. It looks set to be by far the biggest test of electronic voting in Australia, which has largely been limited to <a href="http://www.itnews.com.au/News/371437,mp-backs-calls-for-electronic-voting-rollout.aspx">small trials in the past</a>, and one of the largest <a href="https://www.verifiedvoting.org/internet-voting-outside-the-united-states/">online votes worldwide</a>.</p>
<p>If the NSW election proves to be <a href="http://blogs.abc.net.au/antonygreen/2015/03/why-the-baird-government-is-vulnerable.html#more">close</a>, those electronic votes could prove crucial. But before electronic voting begins on Monday, people in NSW should be warned: there are many unanswered questions about the integrity and privacy of those votes.</p>
<h2>Protecting voter integrity</h2>
<p>Late last year, the federal Joint Standing Committee on Electoral Matters recommended against electronic voting in federal elections. Its report <a href="http://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Electoral_Matters/2013_General_Election/Second_Interim_Report">concluded that</a>:</p>
<blockquote>
<p>Australia is not in a position to introduce any large-scale system of electronic voting in the near future without catastrophically compromising our electoral integrity.</p>
</blockquote>
<p>So what are some of the potential threats? Software errors, hackers, misbehaving system administrators, malware or other unobservable problems could all potentially cause electronic votes to be misrecorded, modified or exposed. </p>
<p>The NSW Electoral Commission responded to such concerns by releasing a 102-page <a href="http://www.elections.nsw.gov.au/__data/assets/pdf_file/0007/193219/iVote-Security_Implementation_Statement-Mar2015.pdf">iVote Security Implementation Statement</a> at the end of last week.</p>
<p>But its statement still doesn’t answer many of the concerns I have been <a href="http://people.eng.unimelb.edu.au/vjteague/ResponseToDraftDesign_updatedForWeb.pdf">raising with the commission</a> for more than a year – particularly over vote privacy and verifiable election integrity.</p>
<p>For example, Norway’s online voting system, implemented by iVote’s provider Scytl, was <a href="https://www.regjeringen.no/en/aktuelt/Internet-voting-pilot-to-be-discontinued/id764300/">discontinued last year</a> after a software bug caused votes to be only very weakly hidden from election officials (see page 8 of <a href="http://www.osce.org/odihr/elections/109517?download=true">this report</a>). </p>
<p>The fundamental problem for NSW voters is this: you can’t tell what a computer is really doing to its electronic data just by looking at the screen.</p>
<h2>Concerns about the NSW system</h2>
<p>iVote is available to anyone who meets <a href="http://www.ivote.nsw.gov.au/">broad eligibility criteria</a>, including:</p>
<ul>
<li>I have a disability … and because of that disability I have difficulty voting at a polling place or I am unable to vote without assistance</li>
<li>I will not be in NSW throughout the hours of polling on election day.</li>
</ul>
<figure class="align-right zoomable">
<a href="https://images.theconversation.com/files/72742/original/image-20150223-21899-1mn39qm.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/72742/original/image-20150223-21899-1mn39qm.png?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/72742/original/image-20150223-21899-1mn39qm.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=639&fit=crop&dpr=1 600w, https://images.theconversation.com/files/72742/original/image-20150223-21899-1mn39qm.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=639&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/72742/original/image-20150223-21899-1mn39qm.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=639&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/72742/original/image-20150223-21899-1mn39qm.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=803&fit=crop&dpr=1 754w, https://images.theconversation.com/files/72742/original/image-20150223-21899-1mn39qm.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=803&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/72742/original/image-20150223-21899-1mn39qm.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=803&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">If you’re a NSW voter, you can test the iVote system before casting your ballot.</span>
<span class="attribution"><span class="source">NSW Electoral Commission</span></span>
</figcaption>
</figure>
<figure class="align-right zoomable">
<a href="https://images.theconversation.com/files/72743/original/image-20150223-20857-14qf66l.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/72743/original/image-20150223-20857-14qf66l.png?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/72743/original/image-20150223-20857-14qf66l.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=786&fit=crop&dpr=1 600w, https://images.theconversation.com/files/72743/original/image-20150223-20857-14qf66l.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=786&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/72743/original/image-20150223-20857-14qf66l.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=786&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/72743/original/image-20150223-20857-14qf66l.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=988&fit=crop&dpr=1 754w, https://images.theconversation.com/files/72743/original/image-20150223-20857-14qf66l.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=988&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/72743/original/image-20150223-20857-14qf66l.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=988&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">A demonstration ballot used on the iVote site, which you can fill in and re-number if you make a mistake.</span>
<span class="attribution"><span class="source">NSW Electoral Commission</span></span>
</figcaption>
</figure>
<p>The 2011 version of iVote <a href="https://www.elections.nsw.gov.au/__data/assets/pdf_file/0007/93481/iVote_Audit_report_PIR_Final.pdf">misrecorded 43 votes</a>, which appeared with the letter ‘N’ in the box(es) where preference numbers are supposed to go.</p>
<p>The NSW Electoral Commission is right to try to provide an independent and private voting option for voters with disabilities. However, it’s not helpful for those voters if their vote can’t be counted because of bugs in the system, like that ‘N’ ballot problem.</p>
<p>And iVote wasn’t <a href="https://www.elections.nsw.gov.au/__data/assets/pdf_file/0004/93766/July_2011_Final_ACG_iVote_Report_ELE01-C_Final.pdf">actually adopted</a> by many voters who couldn’t use paper ballots: in 2011, fewer than 2000 iVote users (less than 5%) had a disability. </p>
<p>More than 90% of iVote users simply declared that they would be out of the state on polling day - a group of people with much more secure voting options, including pre-poll and postal voting. </p>
<p>So will a <a href="https://www.elections.nsw.gov.au/__data/assets/pdf_file/0003/125454/C1_iVote_Strategy_for_SGE_2015_Amend_3.pdf">revamped design</a> for the 2015 election and a new vendor (Everyone Counts has been replaced with <a href="http://www.theage.com.au/it-pro/government-it/spanish-firm-wins-nsw-ivote-tender-20140331-zqnyq.html">Scytl</a>) resolve the fundamental questions over vote privacy and electoral integrity?</p>
<p>The NSW Electoral Commission <a href="http://www.abc.net.au/news/2015-02-04/computer-voting-may-feature-in-march-nsw-election/6068290">certainly thinks so</a>, recently saying:</p>
<blockquote>
<p>People’s vote is completely secret. It’s fully encrypted and safeguarded, it can’t be tampered with, and for the first time people can actually after they’ve voted go into the system and check to see how they voted just to make sure everything was as they intended.</p>
</blockquote>
<p>So let’s consider those two key claims: vote privacy and the impossibility of tampering.</p>
<h2>Protecting privacy</h2>
<p>In response to concerns over the total lack of verifiability in the 2011 iVote run, a “Verification Service” has been introduced for the 2015 election.</p>
<p>Votes will be sent in encrypted, or hidden, form to a “Verification Service” run by the Australian Centre for Advanced Computing and Communications, known as AC3. Voters can telephone AC3, enter their 12-digit Receipt Number, and check the decrypted vote it reads back to them.</p>
<p>But that still leaves crucial privacy questions unanswered, including:</p>
<ol>
<li>What if someone bullies a voter into calling the system to reveal how they voted?</li>
<li>What if someone with (legal or illegal) access to AC3 observes the decrypted vote, and the caller ID of whoever called to “verify” it?</li>
<li>What if the “Verification Service” misreads the vote, in a way that matches a misrecording by the voting client?</li>
<li>12 digits isn’t long enough to secure modern encryption, so exactly what extra measures are in place to keep votes private?</li>
</ol>
<h2>Checking for undetectable vote tampering</h2>
<p>Now let’s consider vote tampering <em>after</em> voters call in to “verify”. </p>
<p>We’re told there will be a “Vote Auditor” who will reconcile the “Verified” votes with those passed from the main voting system into the count.</p>
<p>But even after reading the <a href="http://www.elections.nsw.gov.au/__data/assets/pdf_file/0007/193219/iVote-Security_Implementation_Statement-Mar2015.pdf">iVote Security Implementation Statement</a>, a number of issues are still unclear, including:</p>
<ol>
<li>Who is the “Vote Auditor” this year? </li>
<li>Exactly what data will they see? </li>
<li>Why should candidate-appointed scrutineers, who usually have the chance to observe paper-based processes directly, trust one appointed “Vote Auditor” to act for them all?</li>
<li>How do we know that the audit process detects all forms of manipulation?</li>
<li>All the privacy questions that applied to the “Verification Service” apply to the auditor too.</li>
</ol>
<p>These questions are particularly difficult to answer because no source code is publicly available.</p>
<p>Political parties and candidates have until March 16 to nominate a scrutineer to attend the <a href="http://www.votensw.info/candidates_and_parties/ivote_decryption_verification_ceremony">iVote Decryption Verification Ceremony</a>. Yet it’s unclear how those scrutineers will be able to do their job properly; with electronic votes, the scrutineers will have to take it on trust that all the data they can see on a screen has not been affected by unseen malware, software errors, hackers or other problems.</p>
<h2>Where electronic voting can work – and where it doesn’t</h2>
<p>Polling-place electronic voting can give the voter a real chance to verify that their vote is cast as they intended in the privacy of the booth. Good systems also provide some meaningful evidence to voters or scrutineers that the votes are properly included in an accurate count. </p>
<p>In Tasmania and Western Australia, voters with disabilities complete their ballot using a computer in a polling place, then print it out, check it carefully and put it in an ordinary ballot box. </p>
<p>I did a lot of work on the <a href="http://electionwatch.edu.au/victoria-2014/click-here-democracy-e-vote-explained">Victorian Electoral Commissions’s 2014 project</a> to implement open-source end-to-end verifiable polling place e-voting. </p>
<p>So to be clear, not all electronic voting is too risky; polling place-based electronic voting with a voter-verifiable paper record can provide proper peace of mind for voters and political candidates alike.</p>
<p>But as yet, no remote telephone or internet voting system in Australia or overseas truly provides reliable, usable, verifiable and private voting.</p>
<p>As the director of the University of Michigan’s Centre for Computer Security and Society, <a href="https://jhalderm.com/">Alex Halderman</a>, said to me recently:</p>
<blockquote>
<p>Internet voting sounds like a good idea, but it raises some of the most difficult security problems in the world today. My team studied real internet voting systems used in the US and around the world, and we found that online criminals, dishonest officials, or even state-sponsored hackers could hack in and change election results. The stakes couldn’t be higher.</p>
</blockquote>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/iit5WdLYwns?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">A University of Michigan electronic voting expert explains a key flaw in Estonia’s e-voting system.</span></figcaption>
</figure>
<p>That’s why, if you want to be sure your vote counts in the NSW election, I recommend you stick with an old-fashioned paper ballot.</p>
<p><em>* Vanessa Teague is involved with hosting the University of Michigan’s Alex Halderman, who is giving a free public lecture <a href="http://people.eng.unimelb.edu.au/vjteague/jhalderm_talk.html">in Melbourne on March 18</a> and <a href="https://cecs.anu.edu.au/internetvoting">in Canberra on March 23</a> on Internet Voting and Cybersecurity: What Could Go Wrong?</em></p><img src="https://counter.theconversation.com/content/37465/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Vanessa Teague receives funding from the Australian Research Council for work on electronic voting privacy. She is on the advisory board of Verifiedvoting.org. She worked on a voluntary basis for the Victorian Electoral Commission's electronic voting project.</span></em></p>The NSW election will be Australia’s biggest test of electronic voting, with up to 250,000 votes set to be cast online or by phone. But many questions remain about the integrity and privacy of those votes.Vanessa Teague, Research Fellow in the Department of Computing and Information Systems, The University of MelbourneLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/214832013-12-16T06:43:35Z2013-12-16T06:43:35ZDigital democracy lets you write your own laws<figure><img src="https://images.theconversation.com/files/37796/original/cf2b3vmt-1387111550.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Digital democracy gives you the tools to create the society you want to live in.</span> <span class="attribution"><span class="source">Dominic's pics</span></span></figcaption></figure><p>True democracy is not just about casting a vote every five years. It means citizens being fully involved in the proposal, development and creation of laws. The <a href="http://www.bbc.co.uk/news/uk-politics-25124036">Commission on Digital Democracy</a> currently being established will consider what part technology can play in helping people to take an active part in the way the country is run.</p>
<p>The commission is setting its sights on “Parliament 2.0”, a vision of the future in which citizens participate in online elections, electronic referendums and richer relationships with their political representatives.</p>
<p>In recent years we’ve seen technology help people become more involved in debate about all aspects of society. So it is clear that it can play a much greater role in political participation too. As the Commission gets started, it’s a good time to think about what we want our digital democracy to look like. There is inspiration to be found all over the web.</p>
<h2>Wikipolitics</h2>
<p>Technology can enable direct participation in the democratic process, without relying on representatives and without the citizen even needing to leave the comfort of their home.</p>
<p>One particularly useful tool in the quest for a digitally engaged electorate will be online forums. These can be built to manage discussions about proposed legislation in a structured way, making it easy for citizens to participate meaningfully. </p>
<p>Politicians and policymakers can use online forums to crowd-source expertise and the views of citizens on their plans – and to refine their proposals based on what they get back. This “direct democracy” would allow for laws to be based on genuine citizen deliberation rather than merely aggregating the preferences of citizens into a single vote at the beginning of each electoral cycle.</p>
<p>Wikipedia is an example of how this system might work, but it also shows some of the problems that can arise when technology and democracy mix.</p>
<p>Wikipedia has relatively little mechanism for coordinating edits, instead allowing editors to work on their own. Despite this decentralised approach, the quality of articles is generally very high. On the down side, edit wars and <a href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/wikipedia-we-have-blocked-250-sock-puppets-for-biased-editing-of-our-pages-8895112.html">sock puppetry</a> – when individuals use multiple user identities to create the impression that their views are shared by others – are an enduring concern.</p>
<p>To help make Wikipedia a trustworthy source, editors can build their reputation by establishing a track record of constructive behaviour. Wikipedia has a hierarchy of users for administrative purposes, based on community approval, but all users are considered to have equally valid opinions regarding Wikipedia content. The emphasis is on building consensus; an arbitration committee deals with disputes that remain unresolved.</p>
<h2>Reddit, rate it, vote it</h2>
<p>More formal mechanisms are to be found elsewhere online that could help provide the kind of format and structure that might be needed to produce good legislation. In Yahoo! Answers, for example, readers can vote up and vote down contributions made by others. Writers who are voted up gain points that indicate their good reputation.
Other question-and-answer forums, such as <a href="http://www.reddit.com/">Reddit</a> and Stack Overflow, use similar mechanisms. This kind of collaboration can be further improved using the kind of real-time simultaneous editing provided by Google docs.</p>
<p>But again, there are perils. Time wasters, product pushers and disruptive trolls are bad news in online forums and can disrupt the way they operate. In the context of digital democracy, the potential for damage is even higher.</p>
<p>We will need to develop mechanisms that would make it possible for everyone to get involved in Parliament 2.0 in a fair and transparent way. This includes preventing abuse by lobbyists, special-interest groups, and extremists, who may try to thwart the mechanisms for non-democratic purposes. Unlike in traditional voting, which provides each person with one vote, we can’t assume that everyone will participate in digital democracy equally. That makes it quite difficult to define fairness. It is also difficult to balance accountability (needed to prevent trolling) and privacy (needed to allow free expression).</p>
<h2>Online voting</h2>
<p>Computer scientists have made great progress in figuring out how online elections could be made secure. One important idea is to design systems that enable <em>outcome verifiability</em>. This would allow citizens to check that the outcome of an election really does match the votes cast.</p>
<p>To ensure free and fair elections, we also need a property called <em>incoercibility</em>. This means voters cannot sell their vote, or be forced to vote in a particular way. Online voting systems with these features are being developed by researchers around the world and this will soon change the way we participate in elections. </p>
<p>The hope is that, if well-designed and implemented, mechanisms for digital democracy could be built that would greatly increase societal inclusiveness and cohesion, as well as lowering the costs of making democracy work.</p><img src="https://counter.theconversation.com/content/21483/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors receive funding from EPSRC for computer security research, including the security of online voting mechanisms.</span></em></p><p class="fine-print"><em><span>Gurchetan Grewal works on the project "Trustworthy voting systems" funded by EPSRC.</span></em></p>True democracy is not just about casting a vote every five years. It means citizens being fully involved in the proposal, development and creation of laws. The Commission on Digital Democracy currently…Mark D. Ryan, Professor of Computer Security, University of BirminghamGurchetan S. Grewal, PhD student in Computer Security, University of BirminghamLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/211982013-12-10T06:33:10Z2013-12-10T06:33:10ZDigital voting is a game changer but we have to get it right<figure><img src="https://images.theconversation.com/files/37045/original/kcsj4kcm-1386263979.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">If successful, electronic voting poses a serious threat to the great British queue.</span> <span class="attribution"><span class="source">Ruth W</span></span></figcaption></figure><p>The UK may be taking its first, tentative steps towards introducing online voting with the establishment of a <a href="http://www.hansardsociety.org.uk/wp-content/uploads/2013/11/Designing-a-Parliament-for-the-21st-Century-Hansard-Society.pdf">Commission on Digital Democracy</a>. As so many of our routine tasks are going digital, the shift towards virtual polls seems like a natural progression. However, there are many technical issues that need to be ironed out and the stakes are very high. </p>
<p>John Bercow, Speaker in the UK House of Commons, established the commission with a view to looking at how technology can be used to aid the democratic working of parliament, including online voting. This team would do well to take a look at what has, and has not, worked elsewhere around the world. </p>
<h2>The pitfalls of online votes</h2>
<p>Electronic voting can take a number of forms, including tallying votes by computer, using electronic equipment in polling stations and voting over the internet from the voter’s own computer or mobile device. Voting by phone is already used in entertainment shows, though multiple voting is possible and result-fixing has been known to happen.</p>
<p>Internet voting is also carried out for professional societies, student unions and other forms of election. It works well when cost and desire to increase turnout are important factors and where the likelihood of an attack on the election is considered to be low.</p>
<p>If we were to start using e-voting systems for electing political representatives, we’d need to be absolutely sure of their trustworthiness. Computer systems, including e-voting systems, can go wrong accidentally through software bugs, they can be hacked, and they can be subverted by corrupt insiders. Systems used in elections have been the subject of criticism for all these reasons, resulting in some cases from their withdrawal.</p>
<p>The potential frailties of e-voting systems have been demonstrated several times. In 2010, for example, researchers from Michigan State University successfully <a href="http://www.youtube.com/watch?v=f0IgQWMRJGA">took over</a> an internet voting system deployed by Washington DC, and managed to reach a position where they could have undetectably rigged the election. In the Netherlands, a campaign group called <a href="http://wijvertrouwenstemcomputersniet.nl/English">We Don’t Trust Voting Computers</a> has even emerged to stop the use of such systems in elections.</p>
<h2>Secure design</h2>
<p>As well as making sure security concerns are addressed, the design of an e-voting system also needs to provide verifiability. Independent checks and balances are needed to ensure that bugs, hacking and corruption are detectable and cannot have an impact on the election. Voters will want to know how they can be sure that the system has not corrupted, subverted or lost their votes.</p>
<p>This is particularly difficult in voting because voters have a secret ballot and are reliant on the system to handle it correctly. The interaction between a voter and the system is private and the vote recorded within the system should not be connected to the voter. This is in contrast to <a href="http://electionlawblog.org/wp-content/uploads/jefferson-onlinevoting.pdf">banking</a> for example, where errors and theft are more easily detected.</p>
<p>To address these problems, e-voting systems in the US and elsewhere have introduced the Voter Verified Paper Audit Trail as an independent paper record of the votes cast. These systems have had their problems too, though, and security is best designed into a system rather than bolted on afterwards.</p>
<h2>Who’s doing it?</h2>
<p>Estonia leads the way in Europe for <a href="http://vvk.ee/voting-methods-in-estonia/engindex/">parliamentary internet voting</a>, having used it since 2007. Its system is built on top of the national digital identity card, which is used to authenticate voters to the system. To introduce a similar system in the UK, we would need some equivalent way of providing non-transferrable credentials.</p>
<p>Estonia also seeks to address another major concern relating to internet voting; the ease with which a coercer could force someone to select a candidate or party that is not their preference by watching them cast their vote. In Estonia, polling stations still operate alongside e-voting, so that people can choose the more traditional method of casting their vote if they feel under pressure. Voters can even vote again after their initial choice and only the final vote cast will count. This means that a coerced vote can be corrected later.</p>
<p>However, to achieve this the system must keep a record of votes against voters, which requires a great deal of trust and confidence in the election officials, who may have access to highly sensitive information and are required to safeguard it. There is no suggestion here that Estonian election officials are dishonest or incompetent but any system that relies on the honesty and competence of its operators is less than ideal.</p>
<p>There are many technical challenges still to be overcome but progress is being made. We are working with the Victorian Electoral Commission in Australia, for example, on a verifiable e-voting system which we aim to use in the 2014 Victorian State election.</p>
<p>The Victorians are keen to introduce this type of technology to make voting more accessible for blind and vision-impaired people and to be able to provide ballots in up to 20 different languages. It is also aimed at making voting from outside the state easier and help voters to correctly fill out the large and complex ballot forms used in Australian elections. Of course, this has to be done in a secure way, and so the system is designed using cryptography to provide ballot secrecy for voters and end-to-end verifiability to allow independent external checks that the system has processed the votes correctly, right from when ballots are cast through to the final tally.</p>
<p>It is challenging enough to introduce electronic voting into the polling stations, where we have control over the equipment. Internet voting raises a whole set of additional challenges. These are not insurmountable, but neither should they be underestimated. They need to be properly and carefully tackled if we are going to build an infrastructure for e-voting fit for the future.</p><img src="https://counter.theconversation.com/content/21198/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Steve Schneider receives funding from the EPSRC and the Victorian Electoral Commission.</span></em></p>The UK may be taking its first, tentative steps towards introducing online voting with the establishment of a Commission on Digital Democracy. As so many of our routine tasks are going digital, the shift…Steve Schneider, Professor of Computing , University of SurreyLicensed as Creative Commons – attribution, no derivatives.