Discussion in the UK about updating the voting system has been ongoing since 2005, but attacks by Russian hackers on the 2016 US presidential elections have alarmed UK government officials and citizens alike. While the Commission on Digital Democracy recommended in January 2015 that e-voting be implemented by 2020, Conservative, Labour and Liberal Democrat parties quietly dropped support from their manifesto.
Citizen confidence has also been shaken. A survey undertaken by cybersecurity company Avast found that a majority – 53 per cent of British citizens – would not trust an electronic voting system. “The claims that Russian hackers had some influence on last year’s US Presidential Elections has sparked a wave of scepticism around the safety of electronic voting here in the UK,” argues Pete Turner, Consumer Security Expert at Avast.
However, while these concerns may be understandable, they shouldn’t prevent electoral processes being brought in line with practices of other arms of government and business. Recent blogs on BVEx have examined the critical role trust plays in progressing digital manufacturing, and self-help communities in healthcare: if security can be assured in such critical arenas, then why not the electoral processes of democracy?
In fact, many would argue that digital is a necessary next step for democracy, ensuring that those on the margins without the time, mobility or resources to get to the ballot box can cast their vote. There has been much wringing of hands by politicians of every hue about the lack of engagement by young citizens and a survey from Broadband Genie last election in 2015 found that 60 per cent of abstainers would vote from a browser.
Related article – Can Open Data be a Lever for Democracy and Business Growth?
Returning to current fears around hacking, Avast’s Turner reflects: “The move to digital is a necessary part of evolving the electoral process for the benefit of the public. Rather than simply abandoning the move to e-voting, politicians need to reassure the public that, when the move to e-voting does take place that the proper security measures are in place to ensure that the democratic process is not open to abuse.”
Dr Guy Bunker, BVEx community member and SVP of Products, Clearswift, agrees. He urges the government to adopt technologies such as blockchain to ensure that anonymous voting and integrity are supported in an online system. “Electronic voting is obviously viable as many other countries have adopted it … the manual process we use today is not perfect and in some countries it is easier to rig a manual vote than an electronic one”, explains Bunker.
“I expect that the next general election (assuming it’s in five years) will see the move to electronic voting. Technologies such as blockchain can help to ensure that the main security concerns can be addressed and by then, technology will be sufficiently advanced, as well as tried and tested. The government should be confident enough to consider it, and not be deterred by negative press around corruption of results through hacking,” he adds.
As cybersecurity experts, politicians and citizens moot the essential components of a trustworthy e-voting system (see below) mathematicians from a team of French universities have designed new secure electronic voting system. Inspired by existing e-voting systems, the researchers invented a simple and transparent scheme that easily confirms the correctness of the final election result, guarantees privacy and allows verifiability.
Outlined in Post-Quantum Cryptography 2016, part of the Lecture Notes in Computer Science, the scheme follows the essential components for an e-voting protocol; no one should be able to retrieve the vote of a particular user, each voter should be able to verify that their vote was included, and the final vote count should correspond with the sum of all the legitimate votes. Their system also publicly detects any attempt to cheat.
“Designing security for electronic based systems is much more intricate than traditional paper-based systems,” explains Ilaria Chillotti, from Université Paris-Saclay. “Until now, all designs were based on assumptions that could be compromised by advanced quantum computers. Our design is the first step to achieving a quantum resistant e-voting scheme.”
Whether a future voting system for the UK is based on blockchain or the homomorphic encryption of the French academic initiative, for democracy’s sake a move to digital voting cannot be deferred.
What safeguards and technologies do you think would secure an e-voting system?
Dr Bunker recommends a combination of three approaches for the implementation of an online voting system:
- Confidentiality: Ensuring that every person who can vote is able to vote but only once, that no one can impersonate them and that the vote cannot be traced back to the actual individual. This becomes more complex if full Internet voting is allowed, as things like IP addresses can help to identify systems and therefore people.
- Integrity: The overall system needs to be secure. Hacking a single vote is one thing, hacking the back-end system to impact the outcome by manipulating thousands or millions of votes is another.
- Availability: The system cannot be allowed to fail, even for a few minutes. Voting takes place for a few hours, downtime due to overload or a fault would be unacceptable.
Pascal Geenens, European security evangelist for Radware is a specialist in network security, recommends the following minimum security measures to protect democracy at all times, not just on polling day.
- Politicians leverage social media to communicate to the masses. It is critical that these accounts are secured. They should be aware of phishing attempts.
- Media outlets should ensure their social media accounts also remain secure to ensure the dissemination of accurate information.
- Telecommunication companies have to assure connectivity, which facilitates the visibility of both political parties and the public.
- E-voting systems and statistical websites must be able to withstand DDoS attempts to safeguard critical information. Plus, you have to be able to keep a system available for a short period of intensive use. Because of the processing power needed, the cloud is the only economic way to achieve this and that brings security risk, so DDoS measures have to be assured.
- Voter authentication: how do you know the person voting is who they say they are, and then how do you ensure the vote can’t be intercepted? Tokens and electronic IDs have to be developed.
Share your views and opinions on this via our LinkedIn Group.
Author: Helen Beckett
Helen Beckett is the Community Manager of the Business Value Exchange. She has been a writer and editor for over 20 years and takes a particular interest in the challenges facing the CIO in today’s business climate.