Is digital voting secure enough for national elections?

As political engagement falls, technology keeps moving. Do recent digital voting innovations make it secure enough to bring the ballot box to voters?

2020 is a big year for democracy. There’s a US presidential election, 100 years of US women’s suffrage and policymakers around the world considering how to make elections safer in a pandemic.

As COVID-19 has brought rising unemployment in most countries, maintaining stability means maintaining – or better, improving – trust in government. With voter turnout down around the globe, policymakers should also be asking how they can re-engage citizens in democracy.

You’ve probably not seen that question answered quite so cluelessly as my local council in the run-up to its 2019 election, by sticking giant poo emojis all over town. Surprise – it didn’t work. Voter turnout fell six percentage points on the previous election.

Among the Facebook fury that called the poo emoji campaign tasteless and patronizing, a lone voice suggested another way to achieve the campaign’s aim. “I filled in my voting papers a couple of weeks ago, but it’s sitting in its envelope still, ready to be posted. When I get the chance to swing by a post box, I will, but it’s not something I do these days. Bring voting into the click-of-a-button digital world, and you will have voters.”

Could it possibly be that simple? Voter turnout is falling in almost every country – a trend that started around 1990. When we’ve fought life-and-death battles to vote, could inconvenience really put people off something so important? It’s certainly plausible – behavioral science shows small changes in environment can make a big difference to what people choose to do.

If the medium is the message, perhaps ways of voting that seem irrelevant and outdated may imply voting is irrelevant and outdated too.

I asked democracy campaigners and commentators in several countries where they stand on digital voting. Do they think it will soon be feasible for national elections?

Proportional representation may be fairer, but does it get us voting?

Josiah Mortimer of the UK Electoral Reform Society dismisses digital voting entirely. “There are more pressing problems with the voting system than going to a polling station or getting a postal vote. Major privacy, accuracy and trust concerns have not been dealt with, and we feel the issue is a distraction from the real democratic crisis. The priority is ensuring every vote counts – in the UK by switching to proportional representation, modernizing voter registration and improving citizenship education.”

Proportional representation describes any electoral system that ensures the proportion of representatives elected matches their party’s share of the overall vote. That’s distinct from non-proportional systems like first-past-the-post or electoral college, where winning certain areas can see a party less popular overall gaining power. Proportional representation has received renewed attention in the UK since its 2019 election returned what Jack Blumenau and Simon Hix described as “the most disproportionate outcome of any election in the post-war era” in a London School of Economics blog post.

Proportional representation might make for fairer results, but could it reverse declining voter turnout? After New Zealand adopted proportional representation in 1993, voter turnout fell for many years, to an all-time low in 2011. Then, it started rising again, with their October 2020 election seeing the highest turnout in many years. Whatever drives New Zealand’s election turn-out, there’s more to it than proportional representation.

For its “privacy, accuracy and trust” concerns around digital voting, Electoral Reform Society pointed me to a 2015 article, Why we can’t vote online. It describes designing online systems that match the secrecy, accuracy and verifiability of paper as “incredibly hard,” referencing flaws found in Estonia’s election system in 2014.

The article’s arguments may have been fair and accurate at the time, but what about today? Five years is a long time in technology, and in the number of eligible voters who expect to do everything digitally.

Ballot secrecy is the heart of the issue

Lawrence Norden, Director for Election Reform and Democracy at the US’s Brennan Center for Justice, often writes on security and electronic voting. He’s optimistic online voting could one day be secure enough to rely upon, but cautions against ‘too much, too soon’ as COVID-19 puts the pressure on to find safer ways to vote. “Election officials shouldn’t be left on their own to figure out whether a system is secure and reliable. It is possible that one day, we can develop such a system. But currently, there are no generally accepted benchmarks to evaluate the security of online voting pilots.”

Norden places safeguarding electronic voting suppliers in his top two priorities. “We need a federal certification framework for election system vendors and their products. Hackers targeted vendors in 2016. We have little insight into vendors’ internal cybersecurity practices, who works for them and who owns them. This is more of a security risk than we should be willing to accept.” This makes sense, given supply chain attacks are common.

Norden thinks ballot secrecy is the big challenge for voting online. “When we rely on software to provide us with election totals, as in the US, we must have a way to confirm the totals are accurate. The best way, while maintaining ballot secrecy, is to check the paper record against the electronic totals. There is no such record in paperless electronic machines or online ballots. If a hacker changes a vote transmitted over the internet, we might not know.”

Norden highlights voters can still do a lot to protect their vote from cyberattack. “They should check their voter registration online. They could volunteer to work on election day. They can learn the rules for how and when to vote early – the earlier people vote, the less chance a cyberattack can interfere with their ability to cast a ballot that will count.”

What does secure digital voting look like?

Dr. Muhammad Rizwan Asghar, Senior Lecturer, School of Computer Science at the University of Auckland, is another frequent commentator on digital voting. Does he think online voting could be secure enough to be the election standard sooner, later or never?

“One might argue if Estonia can do online voting, any country can, but this might not be true. There have been reported vulnerabilities on the voter and voting server ends. Even if we assume there are no issues with existing online voting systems, Estonia is a tech-oriented country with a population of just 1.3 million.

“Addressing security risk for online voting means mitigating cybersecurity challenges at the user, communication and server levels. An online voting system needs a form of vote integrity, so votes can be tallied while ensuring voter privacy. Cryptographic schemes achieve this. Each voter encrypts her vote. Using a public bulletin board, voters can see the votes they cast. Once all the votes are cast, they’re summed using homomorphic encryption, then the final sum decrypted. The decryption key is split among a set of trusted authorities who must collaborate to reveal the final result. It’s promising, but not enough on its own.

Making online voting safe requires a safe cyber environment.

Dr. Muhammad Rizwan Asghar, Senior Lecturer, School of Computer Science at the University of Auckland
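The scheme Dr. Asghar outlines (encrypted ballots on a public bulletin board, a homomorphic sum, and a decryption key split among authorities) can be sketched as follows. This is an added example, not code from the article or from any voting product; it assumes exponential ElGamal with an n-of-n key split and a toy-sized group, and every function name is hypothetical.

```python
import hashlib
import math
import secrets

# Toy group for readability only (constructed): safe prime P = 2*Q + 1, G of order Q.
# A real deployment needs a standard ~3072-bit group or an elliptic curve.
P, Q, G = 2039, 1019, 4

def trustee_keygen(n):
    """Each trustee keeps a private share x_i; the election key is the product of g^x_i."""
    shares = [secrets.randbelow(Q - 1) + 1 for _ in range(n)]
    h = math.prod(pow(G, x, P) for x in shares) % P
    return shares, h

def encrypt(vote, h):
    """Exponential ElGamal: the vote (0 or 1) sits in the exponent so ciphertexts add."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, vote, P) * pow(h, r, P) % P

def receipt(ct):
    """Hash a voter keeps so they can find their own ballot on the bulletin board."""
    return hashlib.sha256(f"{ct[0]}:{ct[1]}".encode()).hexdigest()

def homomorphic_sum(board):
    """Multiply ciphertexts component-wise; the result encrypts the sum of the votes."""
    a, b = 1, 1
    for c1, c2 in board:
        a, b = a * c1 % P, b * c2 % P
    return a, b

def partial_decrypt(ct, share):
    """One trustee's contribution; it reveals nothing about the total on its own."""
    return pow(ct[0], share, P)

def combine(ct, partials, max_total):
    """Strip every trustee's factor, then recover the small exponent by search."""
    d = math.prod(partials) % P
    g_sum = ct[1] * pow(d, -1, P) % P
    for total in range(max_total + 1):
        if pow(G, total, P) == g_sum:
            return total
    return None  # partial decryptions missing or wrong: no valid total found

def run_election(votes, n_trustees=3):
    shares, h = trustee_keygen(n_trustees)
    board = [encrypt(v, h) for v in votes]          # public bulletin board
    tally_ct = homomorphic_sum(board)               # no single ballot is ever decrypted
    partials = [partial_decrypt(tally_ct, x) for x in shares]
    return board, combine(tally_ct, partials, len(votes))
```

The sketch leaves out proofs that each ballot encrypts 0 or 1 and that trustees decrypted honestly, and it does nothing for the voter's device or the server, which is why the scheme is "not enough on its own."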

Some cybersecurity experts say there will never be anything safer than in-person voting with paper slips, but Dr. Asghar points out, “Each approach has its issues. In paper-based elections, people can be prevented from reaching polling booths. They can be harassed or coerced. A returning officer can spoil ballots. We can address most of these concerns using online voting. It could also make voting more accessible and help get results faster. But recent reports show voting servers are an attractive target for state-sponsored attackers. They can make servers unavailable using Denial of Service (DoS) or Distributed DoS (DDoS) attacks.”

What should any authority considering online voting learn from Estonia? “Estonia has made their system’s source code public to foster trust and minimize the potential attack surface. They have internet and computer training programs for voters. If a voter has been coerced, they can go back later and change their vote or even vote in person on election day.”

Despite his optimism for the future of online voting, Dr. Asghar says it’s hard to imagine online voting being ready for national-level elections in the next few years. “Not only is developing the system highly challenging, there must also be training in how to use it.”

Can blockchain help make digital voting secure enough?

National-level elections are always a high-risk environment for interference, whether people tamper with papers in person or nation state-sponsored cybercriminals attack digitally. So it follows we’re seeing promising innovations in secure voting technology like Polys used first in low-risk, closed-group settings, like workplaces, universities and local government.

Polys uses blockchain and encryption to make a tight voting system. “Encryption built on top of a blockchain system makes every vote like a ‘black box’ – no one can see how any person voted,” explains Alexander Sazonov, Head of Product at Polys. “We identify voters using unique email and SMS codes, or third-party identification, checking they’re entitled to vote and that they are whom they say they are. The database is distributed among participants, making it almost impossible to change. It’s hard to hack because you’d need to access multiple distribution points at the same time.”

Polys took off with companies and organizations that can’t hold in-person elections because their people are distributed around a large area. Soon, European Youth Parliament, Russian Supreme Court and numerous university elections were using it. Several Russian regions now use Polys to consult citizens on budget expenditure decisions.

Sazonov further explains Polys’ security features. “People make mistakes when counting paper votes, but with Polys, every server on the blockchain independently counts votes. They then synchronize with each other. If the results match, the vote is closed and declared accurate. If there’s a discrepancy, the administrator can launch an investigation. No system is completely un-hackable, but ours is transparent enough that hacking can be detected and investigated, while voters stay anonymous.”

How will we come to trust digital voting?

British political philosopher Baroness Onora O’Neill speaks in her lecture series, A Question of Trust, of how public institutions should aim, rather than to be trusted, to be trustworthy. She argues it is being trustworthy that creates trust.

The same may be true of electronic voting. For the public to trust it, it must prove itself trustworthy. Many of the risks of digital voting exist with paper-based voting and are as hard to detect in that setting. Secure, digital voting would offer voters protection paper cannot.

The Brennan Center’s Lawrence Norden makes sense when he says digital democracy shouldn’t be rushed because of COVID-19. But even without the pandemic, it seems high time to trial digital voting alongside existing options for lower-risk, local elections.

In the face of plummeting voter engagement and likely global recession, the need to re-engage voters can’t be put aside – trust in government depends on it. Policymakers must acknowledge technology has changed everything about how voters live. It must inevitably change how we vote.

Digital voting for organizations and local government

With blockchain and encryption, Polys makes voting anonymous, secure and immutable. Powered by Kaspersky.
