As the dust settles following the extraordinary US presidential election, the focus is firmly on the US’ fragmented voting system. Is now the time to fundamentally change it?
With many citizens cautious about the coronavirus risk of standing in line for hours on end, record numbers took the safer option of voting by mail instead.
Since then, Donald Trump has repeatedly attempted to cast doubt on the results, claiming variously that mail-in ballots came in too late, that they were sent to people who hadn’t asked for them, and that the wrong sort of pens damaged the paper. In some nations, though, these concerns look not just unfounded but archaic.
Electronic voting, pioneered in 2005 in that most digital of nations, Estonia, is now used in dozens of countries.
Here, voters simply use their own device to log in to the system using their national ID, enter a PIN code to cast their vote and then scan a QR code to make sure their ballot was received. The system’s widely accepted, with 44 per cent of voters casting their ballot electronically during 2019’s presidential election.
In other countries, e-voting still entails a visit to the polling station but sees votes recorded on an electronic voting machine, allowing a far quicker count. In Brazil, for example, all votes are recorded this way, allowing for a final tally within hours. So what’s not to like?
Is e-voting secure?
The main issue with e-voting is cybersecurity – particularly when it comes to Estonia-style internet voting.
Here, the election infrastructure is just one part of a strong digital identity system that sees citizens’ data spread across hundreds of servers, each with its own software architecture and security system.
Over the years, the security of the internet voting system has been regularly evaluated and improved, and a working group is currently carrying out a review.
No attempted e-voting hacks have ever been detected.
However, in the absence of such an all-encompassing ID system, most nations would need to use standalone systems – and here security concerns remain.
According to the UK’s Institution of Engineering and Technology (IET), internet voting currently falls short in the areas of platform security and digital identity management; DDoS attacks, malware and keylogging are all cited in its report.
The importance of trust
However, according to the IET, the biggest issue with internet voting is outcome verifiability – whether that’s the ability of the voter to check their ballot was cast as intended, the ability to check that only eligible votes were included or the ability to check that the outcome was computed correctly.
These can be delivered through techniques such as homomorphic encryption and zero-knowledge proofs, although this may make things more complicated and confusing for voters.
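To make the homomorphic-encryption idea concrete, here is an added example (not from the IET report or any real election system) of a toy Paillier tally: encrypted ballots are combined in public and only the total is ever decrypted. The function names and the small demo primes are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed demo primes (2**31 - 1 and 2**61 - 1); far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p, q):
    """Return (public modulus n, private (lam, mu)) for Paillier with g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    return n, (lam, pow(lam, -1, n))

def encrypt(n, vote):
    """Encrypt a 0/1 vote; fresh randomness r makes equal votes look different."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return pow(n + 1, vote, n2) * pow(r, n, n2) % n2

def tally(n, ballots):
    """Multiply ciphertexts: the product encrypts the SUM of the votes."""
    acc = 1  # 1 is a valid encryption of 0
    for c in ballots:
        acc = acc * c % (n * n)
    return acc

def decrypt(n, priv, c):
    """Decrypt with the private key; here it is only applied to the final tally."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def run_election(votes):
    """Encrypt each vote, combine publicly, decrypt only the aggregate."""
    n, priv = keygen(P, Q)
    ballots = [encrypt(n, v) for v in votes]  # what a public bulletin board would show
    return decrypt(n, priv, tally(n, ballots))

if __name__ == "__main__":
    print(run_election([1, 0, 1, 1, 0, 1, 0]))
```

Anyone holding the published ciphertexts can recompute the encrypted total, which is what lets observers check the count. The tally alone cannot show that each ballot encrypts 0 or 1, which is the job of the zero-knowledge proofs mentioned above.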
The biggest issue with electronic or internet voting is public confidence.
While electronic voting machines at polling stations, such as those in Brazil, can’t be hacked – they’re not connected to the internet – this doesn’t seem to reassure users.
Last year, research by the MIT Election Data and Science Lab revealed that US voters who used electronic voting machines tended to have lower trust in the correct recording of their vote, lower trust that electoral officials would not change the results and lower trust that electoral systems would not be hacked.
In Estonia, by contrast, the digital identity system is widely trusted, partly because citizens have the right at all times to see who has accessed their data, with any misuse automatically flagged. This trust carries across to the voting system.
The issues with internet voting, in short, appear to be less about real security concerns and more about trust in government – and it may take rather more than security audits to fix that.