All governmental elections are a matrix: part theater, part palace intrigue, part instrument for change. Elections still serve much the same function that they have since democracy got its start in Classical Athens, but the mechanisms by which we elect governments have changed. In Athens, voters dropped pebbles into urns. Colonial Virginians practiced public voice voting. But in the 20th century, as with most aspects of life, elections were transformed by technology. First, electronic vote counting machines were introduced, followed by the more recent advent of Electronic Voting Machines (EVMs). Today, innovations continue to reshape how we vote, making the electoral process more secure, efficient and direct. In fact, because they demand extraordinary rigor and involve deeply complex technical ideas, elections may be a useful case study for testing the public’s risk tolerance when it comes to Information Security (or InfoSec).
At this early stage, some solutions are finding enthusiastic support — particularly in large, developing nations relatively new to democracy (e.g., India and Brazil). Voting technology may be taking hold in these countries because their democracies are still new enough (at least relative to the U.S. or Europe) that a technical overhaul feels like a natural step forward rather than a change of course, or simply because the size of their electorates demands efficiency.
In any case, they are not alone; EU member state and “i-Voting” pioneer Estonia has led the world community in the area of digital voting since at least 2005, when it held nationwide elections online. Estonia calls its voting platform “simple, elegant and secure.” Why, then, have other EU nations (or developing democracies for that matter) not embraced a similar approach?
The simplest answer might be that there is not enough public trust in the technology. As early as 2006, a Dutch organization descriptively titled the "We Do Not Trust Voting Computers" Foundation lobbied against the use of EVMs in the Netherlands, and wrote a scathing report on the Nedap ES3B voting computer in particular. The group successfully persuaded the District Court of Amsterdam to decertify a series of voting machines in 2007, and the subsequent year, a law was passed banning voting computers in the Netherlands altogether. It is an example worth examining, in part because a small foundation’s lobbying efforts, astonishingly, led to the abandonment of a nationwide electronic voting system. In their 2006 elections, almost 99 percent of Dutch voters used an EVM; since then, all voting in the country has been done with paper ballots which are counted by hand.
More significantly, however, the Dutch example shows us what can happen when the stakes are acknowledged. In their report on the Nedap machine, the Foundation wrote, “any vulnerabilities discussed herein affect the very foundations of our democracy.” This is why critics of digital, mobile and even electronic voting fight tooth and nail against new technology: they perceive the stakes to be astronomical, with society itself on the line.
New solutions, therefore, are only likely to succeed if they recognize said stakes, and in turn position themselves as secure, efficient and transparent upgrades to the democratic process. If digital and mobile voting technologies can credibly claim these three qualities, democracies worldwide (no matter their level of development) may soon see good reason to adopt them.
Secure The Vote
For many, security concerns make digital voting an uncrossable bridge. It’s common sense that security is more important than efficiency when it comes to elections — this fact is largely not up for debate. We should never compromise security for the sake of efficiency, transparency or, for that matter, any other reason. Critics claim that because elections are high-stakes, no-room-for-mistakes operations, we should be wary of new electoral technologies which might be vulnerable to hacking, tampering or failure. They’re right. A recent project in West Virginia which leveraged Hyperledger blockchain technology to allow deployed military to vote via smartphone in the 2018 U.S. midterms (using an app called Voatz) came under fire from InfoSec experts for what they considered lax design.
And the Voatz / West Virginia project, while well-intentioned, fell short security-wise to the point that the InfoSec community treated it like target practice. For starters, Voatz claimed to use the “immutability of the blockchain” to ensure security and impartiality. In reality, the eight verifying nodes Voatz used in their West Virginia pilot were all controlled by... Voatz. (By comparison, Bitcoin’s network runs on 10,000+ nodes in 100+ countries with no centralized management.) An eight-node database controlled by one entity is hardly the “distributed ledger” that Voatz promised. Moreover, if InfoSec experts like Kevin Beaumont are to be believed, Voatz fudged basic precautions (e.g., securing their database and website, running adequate security audits, or even providing avenues for reporting vulnerabilities).
What does the Voatz saga teach us about introducing new tech into our electoral process? At least in developed nations, you’d better have your ducks in a row. But even so, what if Voatz had done a much better job? What if they had deployed a more sophisticated solution, one which used a legitimate distributed architecture and state-of-the-art security? Still, it is a tough sell. Jon Evans, writing for TechCrunch, crystallized why Voatz and other electoral tech face such an uphill climb:
“We need to step back and ask a question here: why are we trying to vote via an app and collate election results on any kind of centralized system at all? We don’t want to make voting more efficient. Efficiency is not the problem we are trying to solve with elections. The inefficiency of paper ballots and their handling and collation and tabulation is a feature, not a bug.”
Evans and many others see paper ballot voting as efficient enough. Why improve on a mechanism that works, if the proposed improvements could create much larger problems? In the United States or the Netherlands, paper ballot voting is efficient enough; our democracies work fine for the most part without digitization or mobile access to the ballot box. The same is not true elsewhere in the world.
Efficiency Is Democracy
On February 16, 2019, Nigeria postponed its general elections by a week. The country’s elections commissioner decided that, due to weather, acts of vandalism and challenges in the courts, the vote for President, Vice President, and National Assembly would take place on February 23, one week later than planned. The decision came at 2:30 a.m. — just hours before polls were set to open.
Emotions have run high following the postponement, with the opposition PDP party accusing the ruling APC party of staggering the election (and the APC issuing counter-accusations of their own). It is unclear whether a more technically advanced election mechanism would have helped avoid the postponement; what is clear is that the true cost of the postponement will be considerable. 84 million Nigerians were registered to vote in this election, and many of them traveled to their home districts to do so. Because Nigeria lacks an absentee voting system, voters must cast their ballots in their home districts, and traveling there can be expensive and time-consuming. On top of that, Nigeria exhibits extremely low turnout compared to its neighbors, ranking 41st out of 44 African nations in their last presidential elections. The postponement seems likely to sink turnout even lower.
Turnout is essential in a democracy. The Economist bases their Democracy Index in part on political participation, citing their belief that “public participation is the bedrock upon which democracy rests.” Turnout in the Nigerian elections could be improved, no doubt, by e-voting; not only would the establishment of an absentee ballot system allow Nigerians to cast votes even from abroad, but the electoral postponement likely could have been avoided altogether.
Factors like weather or vandalism likely would not affect distributed environments like the one Voatz purported to use in West Virginia, nor would they threaten cloud-based environments like Estonia’s. Additionally, the multi-step process of voting in Nigeria could be streamlined, eliminating the need for a Permanent Voter Card (which is currently required to cast a vote). With improved turnout, Nigeria could enjoy a more ideal democracy. With fewer episodes such as the postponement, the nation might enjoy a better reputation among observers and investors.
Transparency Or Bust
The concept of transparency is closely tied to security. Elections can only be fully secure if they are also fully transparent; this is because transparency is required for verifiability, and verifiability is in turn necessary to be sure that a voting system has not been breached. But what exactly does ‘transparency’ mean in the context of voting? Researchers have defined “End-to-End Verifiable Voting” (E2EVV) systems as enabling the following checks:
1. The voter is able to check that her ballot represents a vote for the candidate to whom she intended to give the vote.
2. Anyone is able to check that valid ballots do not contain over-votes or negative votes.
3. The voter can check that her ballot is recorded as she cast it.
4. Anyone is able to check that all the recorded ballots have been tallied correctly.
5. Anyone is able to check that the voters and the general public have the same view of the election records.
6. Anyone can check that any cast ballot has a corresponding voter who can perform check No. 3.
In short, E2EVV gives every voter total access to their own vote, as well as to the pool of accumulated votes, while also cryptographically maintaining anonymity for each individual voter. Such a system not only improves security by empowering the electorate to perform a kind of distributed audit, but also leaves a verifiable (though encrypted) paper trail of each vote.
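To make checks 3 and 5 from the list above concrete, the following added example (not code from any voting system named in this article) models the public election record as a SHA-256 hash chain of ballot receipts. The function names, the genesis value and the sample "ciphertexts" are assumptions constructed for illustration; encryption, tallying and ballot secrecy are out of scope.

```python
import hashlib

def digest(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

GENESIS = digest(b"constructed-election-id")  # constructed value, agreed before polls open

def receipt_for(encrypted_ballot: bytes) -> bytes:
    """What the voter takes home: a hash of her ballot ciphertext, not the vote."""
    return digest(encrypted_ballot)

def chain_head(receipts: list[bytes]) -> bytes:
    """Fold the published receipts, in order, into a single head digest."""
    head = GENESIS
    for r in receipts:
        head = digest(head, r)
    return head

def recorded_as_cast(receipt: bytes, board: list[bytes], announced_head: bytes) -> bool:
    """Check 3: the receipt is on the board and the board matches the announced head."""
    return receipt in board and chain_head(board) == announced_head

def same_view(view_a: list[bytes], view_b: list[bytes]) -> bool:
    """Check 5: two observers compare heads computed from what each was shown."""
    return chain_head(view_a) == chain_head(view_b)

def demo() -> dict:
    # Constructed sample data: opaque bytes standing in for encrypted ballots.
    ballots = [b"ciphertext-alice", b"ciphertext-bob", b"ciphertext-carol"]
    receipts = [receipt_for(b) for b in ballots]
    honest_board = list(receipts)
    head = chain_head(honest_board)
    # A dishonest operator drops Bob's ballot, or swaps it for another ciphertext.
    dropped = [receipts[0], receipts[2]]
    swapped = [receipts[0], receipt_for(b"ciphertext-mallory"), receipts[2]]
    return {
        "honest": recorded_as_cast(receipts[1], honest_board, head),
        "dropped": recorded_as_cast(receipts[1], dropped, head),
        "swapped_matches_head": chain_head(swapped) == head,
        "split_view": same_view(honest_board, swapped),
    }

if __name__ == "__main__":
    print(demo())
```

The head digest is what observers would compare out of band; any dropped, substituted or reordered record changes it, which is why a record controlled and published by a single operator with no independent observers gives no such assurance.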
Verifiability of this kind confers a new integrity to real-world elections. India’s upcoming 2019 Lok Sabha election is set to feature a literal paper trail; the country’s election commission has committed to the use of “Voter Verifiable Paper Audit Trail” (VVPAT) machines at all polling stations. These machines ostensibly allow voters to perform checks no. 1 and 3 from the above list at the ballot box itself, while producing paper slips which can later be audited to satisfy checks no. 2, 4, and 5.
Advocates believe that the VVPAT system will shore up security around India’s controversial EVMs, while critics say that the EVMs in use are impossible to fully secure, VVPAT-enabled or not. Considering that almost 900 million Indians are eligible to vote in this year’s election — the largest democratic exercise ever — tampering or fraud could have devastating consequences, both for India and for democracy itself. The importance of defensive measures like transparency, therefore, cannot be overstated.
The Horizon View
Clearly, the push to digitize elections is not popular among much of the InfoSec community. Mainly citing the security flaws of projects like Voatz, or the tamperability of EVM devices and the databases which support them, critics argue that the world is not ready for e-voting. Yes, the case for tight-as-a-drum security around our elections — of which we may not yet be capable — is undeniable. But so is the case for securing identity in general. Last year, data breaches, leaks and hacks compromised the personal information of hundreds of millions and sent shock waves through industry, in developed and developing markets alike.
However, this has not stopped consumers from using the services in question, and suggests that ordinary consumers think differently about identity security depending on context. They may be cavalier with their name, date of birth, bank account information, or even their personal ID number when using online services, but become hyper-cautious when they perceive their vote — and the integrity of the democracy to which they contribute — is at stake. Therefore, because they demand total security, elections may serve as a suitable vetting laboratory for new identity and InfoSec technologies.
Also undeniable, however, is that the imperfections affecting many democratic processes around the world (see: Nigeria) cry out for modernization. Do security constraints put any improvement out of reach? The debate calls to mind Voltaire’s “the best is the enemy of the good.” But in this case, which is which?