Electronic Voting Is Not the Best Idea Unless It Is Really Guaranteed
The purpose of the Digital and Information Age is to improve as many processes as possible from manual to automated.
The promise of a more automated world has inspired innovation in high technology, delivering higher efficiency and cost savings. This is accomplished through electronic means with the use of computer systems. While it makes sense for most processes, especially in the manufacturing and tech industry, it is actually not a good idea for others. One of those processes which I think it is not a good idea is for electronic voting.
Understanding The Voting Process
When you vote, you are exercising your right as a citizen of a country or member of an organization. It is a fundamental right that is part of a process of electing officials to a position. It is also very personal since each person can only vote once. It is, therefore, a one-to-one relationship (1:1) in which a vote that is cast is final. A voter cannot change their vote once it has been committed to the system. Your vote should not be revealed to the public by the polling station or by any agency or a third party, though it is your choice to reveal who you voted for. Voters are also not allowed to vote twice, using their identity.
When you vote, you are normally asked to verify your identity. The majority of identity verification is done by presenting a government-issued ID (e.g. passport, voter card, driver license). This should show a photograph of the voter's face and the validity of the issuer of the ID in the form of a seal or stamp. There are no digital identity systems that can replace this system at the moment (as of this writing), so the staff checking at the voting precinct must verify the documents manually.
If you reside in the US, your eligibility to vote requires you to be a US citizen, at least 18 years of age and then there are other requirements based on state laws. Voters also cannot have a felony conviction or record, be a permanent resident (e.g. Greencard holder, Refugee, etc.) or be mentally incapacitated (depends on state laws). These are the requirements that will need to be verified and putting it all into an electronic system seems to make the most sense. First, it would lessen voter registration time since a registered voter can just present their card or show a valid form of authorization once they arrive at the voting booth. Second, it makes it more efficient since the voter can vote immediately without having to go through a verification process.
Each state has its own requirements, that also includes voter registration. For example, some states require a photo ID while others do not. There is no consistent process so it depends on each state’s laws for voting. At times a voter can vote without presenting an ID, but they will have to sign a form to confirm their identity. They will then be asked to later show proof of their identity, and if none can be produced, their ballot will not count.
So far it seems ideal to make voting electronic. Currently, the US does not allow online voting of any sort for federal and state elections. This could change in the future when identity verification becomes fully digital and electronic. At the moment it still requires the physical presence of the voter at the polling station (where votes are cast).
Instant, Paperless And Convenient
One of the reasons to go electronic is it makes everything instant. It is also paperless and convenient, the perfect pitch for why to convert any process into an electronic system. This works fine for document management, conveyor belt automation, payment processing, and other business processes. Its benefits include cutting costs, saving time and increasing revenue. When you try to do that for a voting system, it seems to be ideal … on paper.
Governments and organizations that plan on deploying electronic voting systems consider the amount they can potentially save, and at the same time make the process more streamlined and efficient. Voters will no longer need to enter voting booths since they can conveniently vote from the comfort of their location, using an app on their smartphone. The votes are then instantly tabulated and stored in a database, allowing immediate access to the results. Since the votes are stored directly in a database, there is no more need for paper, eliminating the costs of printing vote ballots and staff to handle the counting of the votes.
I am not saying electronic voting systems won’t work. Developing and deploying these systems are not a big problem. The software tools for developers are widely available, including open-source code. The infrastructure is also there, via the Internet. They will work, but there is much more concern in that regard. It needs more vetting and guarantees to ensure confidence.
The Risks Of Electronic Voting
If you are already aware at this point as to why I don’t think electronic voting is a good idea, then you understand the risks. There are many since it is going to be electronic and online. The threats to the system will be cyber in nature. When you put a system online, the threat vectors are plenty since public data networks like the Internet have no built-in security layer. That means due diligence is required of the developer to secure the system the best way they can, and sometimes even that can fail.
One of the most likely threats to electronic voting is identity theft. If there is no proven digital identity management system in place, what prevents a bad actor from spoofing someone’s identity and using it to vote? People can also be careless and not secure their own identity online. For example, if the access to online voting is a simple website that requires username/password, you are leaving the front door open to various sorts of attacks. Hackers can guess passwords, especially if its as easy to guess as “password”. Don’t be surprised if people don’t actually use strong passwords, because in many hacking cases that was how the hacker was able to access a victim’s personal online account.
Users install different apps on their smartphones and computers. Some of these apps can be malware. These apps are disguised as legitimate software applications, but in reality, they are more malicious. Some malware will unleash a virus with a payload that could wipe out the contents in storage. Others try to steal passwords using keyloggers that record keystrokes from the user’s login. A hacker can then take control of the voter’s smartphone and use it to vote online. This is one of the greatest risks of using electronic voting systems.
Another problem is network congestion or denial of service attacks (DOS). Also called a distributed denial-of-service attack or DDOS, it can be orchestrated by bad actors to congest a server. When used against a server where voters can vote online, all the attackers need to do is target this server and prevent voters from accessing it. This is a terrible scenario on election day when a server cannot be accessed for electronic voting. More sinister attacks could include DDOS attacks that aim to crash a server.
It has already been proven that bugs can affect any electronic system. An example of this was the 2020 Iowa Caucus vote reporting app, which had an epic fail. As part of the electronic voting process, a smartphone app was developed for reporting the counted votes that come from a precinct. This assists the staff who would otherwise need to do it manually. Bugs in the code were identified, “according to many reports” (there is a suspicion here), and it prevented a timely vote count from taking place. That is intolerable at this stage of a very important event like the Iowa Caucus. Shouldn’t the software developers have been more pro-active at making sure the system works before it was deployed? It is all about testing and quality assurance, something all production software must undergo to guarantee its reliability and efficiency. What if a system has a bug that mistakenly interpreted a click for a vote to the opposition candidate the voter did not wish for? That is going to be a huge problem.
What could be even worse, is the manipulation of the system by bad actors. If the software company that developed the system for the Iowa Caucus had a hidden agenda or vested interests, they can manipulate the system in ways that the public would not know. With a lack of transparency, any system can hide malicious intentions, allowing for results to be changed or rigged to favor other candidates. This is, of course, a worst-case scenario when you have an electronic system that is highly centralized, non-regulated and not transparent enough.
Finally, electronic systems are always prone to getting hacked. Bad actors now include state-sponsored hackers who can attempt to break into an electronic voting system to influence the outcome of an election. This is the inherent problem when you put a system online that is accessible by everyone, and that includes your hackers. Something that is as critical to a state’s sovereignty as voting should not have to face that risk at all, even with the strictest cybersecurity policies. All it takes is one vulnerability on the system and the hackers are in.
Some would argue that electronic voting can always be successful if the developers have strenuously tested the system against cybersecurity threats and logical conditions. You can do all the testing you want, but when it comes to election day and it has a flaw, things will fall apart. No matter how many hours of testing you do on a system, if any condition arises that has not been addressed in development, the result will likely be a failure.
Currently, online systems that deal with transactions like payments use security tokens to log a user’s session. This token is valid for a certain time period. It is also only available for that session and cannot be used on another device. When the time limit is reached, the token expires and will require the user to log in again with their credentials. This aims to protect and secure the link to prevent data eavesdropping and the visibility of unencrypted data. These can be applied to electronic voting as well.
It may still be fooled by hackers since they can always impersonate the user. If anyone gains physical access to the user’s smartphone along with their credentials, the system would really have no way of knowing if that is the voter or not. This is where biometrics comes into play. By requiring voters to activate the app with their fingerprint or other physical attribute using a retina scan or facial recognition, another layer of security is added.
Users will also be required to use MFA (Multi-Factor Authentication). This requires not just a username/password, but a randomly generated code from an online authenticator. This code is then used to gain access to the system. These codes are not pre-determined, they are totally random in nature and generated by a credible source. This makes it much harder for anyone who knows a user’s password from accessing their online account, including that for voting.
A more sound proposal is to use a blockchain to secure an online vote. Blockchains cryptographically secure data, preventing bad actors from manipulating or tampering with votes. The blockchain has been successful so far in the use of cryptocurrency, as the provenance layer that verifies transactions in public, decentralized and trustless systems. It has been proposed for voting systems as well.
I Am Still Skeptical
You can prove me wrong, but I am still skeptical of electronic voting systems, despite proposed solutions. There are many risk factors that can affect an electronic system, but we use them anyway. We go online to make payments on bills, submit personal data for loan applications, purchase items online and even update our medical records for health insurance claims. These are all personal and confidential, just like with voting. In voting, however, when we vote, our ballot should not trace back to us, but rather ensure the secrecy of our vote.
It will not make sense to use a blockchain, specifically a public one. This is because blockchains were meant to be both transparent and immutable, not just immutable. A vote should be confidential, therefore no one should be able to know who you voted for. There can be repercussions against an individual because of the candidate they voted for. You cannot expect people to just accept things without emotions at work. That is just human nature. Voters are allowed to tell people who they voted for, that is their right. There will be consequences for some, so it is best to keep the results of any vote secret and confidential. A public blockchain will do a horrible job in that regard. Unless the blockchain uses privacy features, no one should know who you voted for.
Blockchains, since they are also permissionless and trustless, can encourage bad actors since anyone can enter the system. Now another solution to this would be a digital identity for voters on a blockchain to prevent identity spoofing or theft. Why would you want to associate your digital identity with your vote? Once again that violates privacy because the digital identity can be traced to whom you voted for. Blockchains, for the most part, are not anonymous, they are pseudonymous. That means a public address that is associated with a digital identity can be traced back to an individual.
Just imagine if everyone’s vote was available to the public. Third-party research firms will have a field day gathering information on who voted for who and use this for targeted ads and more nefarious activities. It can also be used by the opposition to target voters to flip. Your co-worker who you often disagree with can find out later on that you voted for someone they are vehemently against. This can spark more conflict that really makes relationships more toxic. The right to privacy and making confidential decisions will be affected.
So why is voting not ideal for an electronic system update? It has to do with trust. It requires trust to do the activities we do online. We can contest electronic payments and confirm the validity of personal data. This is because we trust our bank, credit card provider, online merchants, and payment processors. Your vote once it is cast can no longer be contested or validated after the fact. With electronic voting, are we really sure we can trust the company that is running it? If it was controlled by the state, can we trust them to handle things in a fair and unbiased manner? We do not know for a fact that no one will attempt to manipulate votes. Putting votes in an electronic system in digital format makes it even easier than ever to tamper with. Appearing in person and casting a vote is far more reliable and reassuring than electronic voting, where there is a greater risk of manipulation and hacking.
There are no guarantees that an electronic voting system will work reliably. The utmost concern is the cybersecurity aspect since it will be online operating over a public data network. Even if it requires a VPN for more secure and private communication, the system itself is in question. Will the system fairly accept every vote and not manipulate the results? Such systems are also prone to attacks from “black hat” groups and state-sponsored hackers.
With electronic voting, it may actually encourage rather than minimize electoral fraud. Voting systems have to prove they won’t allow voters to vote twice, that the voter is truly who they claim to be, that another person cannot vote in place of a registered voter, etc. There are so many factors to consider, forgetting about one can open the system up to critical errors. Any vulnerability in software and hardware can also lead to attacks that can compromise the system. The DEFCON hacking convention “Voting Village” demonstrates how easy it can be to hack a voting machine connected online.
At the moment, voting is still a manual process. They can still be controversial, but it seems likely that even if it moves toward an electronic system the controversy won’t go away. It has more to do with politics. The good thing about the current voting process is that it preserves the privacy of the citizen’s choice. There is a paper trail of votes, but it doesn’t reveal who the person voted for. With electronic systems, this information can be recorded and used against you.
Perhaps someday electronic voting will be reliable and guaranteed. It should preserve the privacy of an individual’s vote and not keep track of who they voted for. It should also have contingency measures against system failures and cybersecurity. The system must be operated by a non-biased organization that do not have any agenda or vested interests. Using a cryptographically secure decentralized system might be ideal, but once again it should not be biased. At the moment we just can’t guarantee that nothing wrong will happen and that we can trust whoever is in control of the system. I believe that more trust is needed for this to become accepted.
Note: The views expressed are the opinion of the author. Always DYOR to verify facts.