Electronic voting still not ready for prime-time

Published: Posted on

Today, the EU elections are set to be one of the most important in the Union’s history, taking place during Brexit negotiations, where the future of the European bloc remains uncertain.

Currently, Estonia remains to be the only EU nation to let its citizens vote in the election via online voting. In 2007, Estonia became the first EU country to introduce e-voting in a national general election, despite the country suffering a politically-motivated cyber-attack the very same year. The historic attack had led to disruptions to government servers and the shutdown of many online banking services and newspapers for several days.

This attack demonstrated the catastrophic effects of cyber-attacks and our increased dependence on digital technology in our day to day lives.

There has been a rising fear of cybersecurity threats and foreign interferences that hope to influence the result of this election, particularly after reports earlier this year of a Russian hacking campaign that had targeted European think tanks and non-profit organisations carrying out research on democracy and electoral integrity. The targeted employees faced attacks, using the same method used ahead of the US presidential elections in 2016.

Europol reports that law enforcement agencies across the EU are preparing for major cross-border cyber-attacks during this election and are ensuring that their protocols are robust.

Estonia’s 2019 parliamentary elections did not experience any successful cyber intrusions or threats, largely due to lessons learned and the government’s efforts to secure its systems over the past decade. Estonia prides itself in being named ‘the most advanced digital society in the world’ and dubs itself e-Estonia.

Electronic voting could prove to be extremely beneficial in elections. It can eliminate barriers such as accessibility, reduce costs and enhance the efficiency of the election process. Estonia saves 11,000 working days per election, as e-voting speeds the process of ballot counting and reduces the costs of having a workforce to manually count the ballots. It is predicted that the UK could cut the costs of elections by a third if it introduced e-voting.

While the use of technology has shown many benefits, it subsequently also introduces the risk of compromised cybersecurity and creates new ways for foreign actors to infiltrate and delegitimise the results of democratic elections.

Unlike other forms of e-voting such as electronic voting machines, remote online voting is cast through a person’s own personal computer or smartphone where the reliability and security of the device is not guaranteed.

Online voting relies on the assumption that our personal devices are secure, and are not vulnerable to cyber-attacks. Devices that are infected with malware are much more vulnerable. Reports have shown that one third of all computers are infected with malware.

If attackers are successful, they can intercept the user’s vote and change the outcomes of the election, undermining the legitimacy and integrity of the democratic process.

Many computer scientists have concluded that current technology cannot safeguard secure and reliable e-voting systems.

Researchers at the University of Birmingham’s Centre for Cyber Security have developed a protocol that eliminates the need for voters to trust their computers via a hardware token used to cast a vote, similar to those used in online banking. This idea addresses the potential that the voting laptop or smartphone has malware. The system assumes a very powerful adversary that can control the manufacture and programming of the server, the voting device and the hardware token, yet still guarantee vote integrity.

But remote e-voting also poses the problem of possible coercion of voters. Traditional voting through paper ballots at polling booths eliminates the possibility of coercion as they are anonymous and do not leave an identifiable trail but i-voting does not guarantee the same level of privacy. Voters could be coerced to vote a certain way by being watched or denied a private space to cast their vote.

E-voting has also shown that to not always enhance political engagement. After its introduction in Estonia, voter turnout did not increase significantly as one would hope. In fact, many believe that it introduced barriers between socioeconomic classes and age groups.

Governments are still looking at ways technology can be used to benefit our democratic processes and institutes and reducing the associated security risks. Technology can make political participation accessible in rural and isolated communities and for voters with disabilities. It can help us engage with younger voters and use the internet as a tool to encourage political participation and education.

IET is exploring the challenges around applying e-voting technology to General Elections in the future and they’d like to hear from IET members who can add value to these discussions.

If you feel you have the necessary expertise to contribute to a roundtable discussion on e-voting, please get in contact.

Ahmed Kotb, Digital Lead (akotb@theiet.org) – spaces are limited.

 

About the Birmingham Centre for Cyber Security and Privacy

The Security and Privacy Group is a team of eleven academic staff based in the School of Computer Science at the University of Birmingham. For over a decade, the group has remained committed to its ethos of tackling cybersecurity problems that are important to society. Working in collaboration with academia, industry, and government, the Group consistently produces internationally leading research on key issues that has led to the University of Birmingham being recognised as an NCSC-EPSRC Academic Centre of Excellence in Cyber Security Research.

Contact us: ace-csr@cs.bham.ac.uk

 

Share:

2 thoughts on “Electronic voting still not ready for prime-time”

Leave a Reply

Your email address will not be published. Required fields are marked *