In 2007, Estonia became the world’s first country to give its citizens the choice of voting from their home in parliamentary elections (Wired). Since then, remote e-voting or “i-voting” has scarcely been adopted. Norway ended its e-voting trials in 2014. In 2017, Finland concluded i-voting should not be introduced and France dropped a plan allowing its citizens abroad to vote online in its June legislative elections. But why?
“Given that so many of our daily activities, such as banking, dating and shopping, are conducted online, why not voting, too?” London-based Democratic Dashboard researcher Joshua Townsley told WikiTribune. “E-voting is a lovely idea, but needs careful implementation.”
Unlike many online functions, voting needs to be conducted anonymously, but must also be verifiable by the voter and transparent to election observers.
Since 2012, French citizens abroad had been allowed to vote electronically in legislative elections (not presidential). But this was stopped when the French National Cybersecurity Agency said there was an “extremely high risk” of cyber attacks.
Disagreement persists over the feasibility of online voting, particularly around the issue of election security.
“There is nothing more secure than pencil and paper,” said Matthew Rice, Scotland director of the Open Rights Group (ORG), a UK-based organization that works to “preserve and promote” individual rights in the digital age. ORG contributed to a widely circulated 2014 report (Scientific American; The Guardian) that found Estonia’s 2013 online system was highly vulnerable to cyber-attack and fraud.
Even a 2014 report by tech companies Smartmatic and Cybernetica, which developed Estonia’s original online voting system for its 2005 council elections, noted “electronic voting can be considered inherently more dangerous compared to conventional paper-based voting.”
Rice told WikiTribune that England’s 2007 and 2008 e-voting trials were the “equivalent of someone tipping out a bucket of paper ballots in an empty room and counting them and then … [saying] this is the outcome.”
But Areeq Chowdhury, founder of youth-led think tank WebRoots Democracy, told WikiTribune “there’s no such thing as a 100 percent secure system offline or online.” He said the UK doesn’t have a secret ballot, since the ballot paper it uses has a serial number printed on the back. Theoretically, by matching the serial number with the electoral roll number written on a counterfoil by the clerk in a polling station, it’s possible to trace each vote to the voter who cast it (The Independent). This system to prevent voter fraud is used in Singapore and the Philippines (ACE Electoral Knowledge Network). However, paper ballots can be examined only by court order in the UK and Singapore, and are destroyed after one year and six months respectively.
Not everyone agrees e-voting poses greater security risks than traditional voting methods.
“Online voting and electronic voting in polling stations are inherently secure, more accessible [and] more transparent than postal voting and paper-based, polling-station voting,” said Mike Summers, program manger for online voting for Smartmatic, a London-based, Venezuelan-owned multinational company.
Summers told WikiTribune that in-person, paper-based voting and mail-in ballots don’t allow voters to confirm their votes were actually counted. He said postal voting can be intercepted by others living at the same address, and fraudulent voting can be as simple as finding a date of birth and forging a signature. According to Summers, end-to-end cryptographic processes and digital signatures can be built into online voting systems to protect against such activities.
Summers said there’s “no evidence” of any online voting systems having been influenced by a malicious actor. He described France’s decision to stop citizens abroad voting online as a “knee-jerk reaction” to what he called the “perception” the U.S. 2016 presidential election was hacked by Russian actors, and reports that 65,000 electronic votes could have been compromised in the 2015 Australian New South Wales state election.
“A FREAK vulnerability was potentially unearthed,” Summers said of the Australian case. “But there is no evidence of votes having been compromised.”
But even without technical issues, voting from home opens the possibility of someone coercing another to vote a certain way. To combat this possibility, Estonia’s i-voting system allows users to change their online vote as many times as they like. In addition, voters retain the option to vote in a polling station on election day, and voiding previously cast online votes (The Economist – may be behind paywall).
Guarding against hackers
Despite the 2013 report that found Estonia’s online-voting system was vulnerable to cyber attack, more than 30 percent of voters in Estonia’s 2015 parliamentary elections voted online.
Peter Ryan, a professor of applied security at the University of Luxembourg, told WikiTribune many countries have the capability to hack Estonia’s online voting system. While not specifically aimed at its voting system, in 2007 a series of cyber attacks overwhelmed Estonian websites, including its parliament, banks, newspapers and broadcasters, during the country’s disagreement with Russia over the Estonian government’s decision to relocate the Bronze Soldier of Tallinn statue to its Defence Forces Cemetery.
“In the Estonian system, you still need a very high degree of trust in the authorities that are running the election … because it’s not what we would call universally verifiable,” Ryan said.
Ryan defined “universally verifiable” as neutral observers examining evidence and verifying every vote was processed. A 2016 report co-authored by Estonia’s Head of Electoral Office, Priit Vinkel, stated “there is also no universal access to the election data for the observers.”
Since that report was issued, Estonia has improved its online voting system. Following a 2011 Organisation for Security and Cooperation in Europe (OSCE) report recommendation, Estonia introduced end-to-end encryption in 2017. That encryption allows voters to verify their votes were counted, without revealing which candidates they voted for.
Vinkel told WikiTribune that while “the voter’s computer is the weakest link in the whole system,” end-to-end verifiability allows voters to determine whether their computer was corrupted.
Asked whether the Estonia system had experienced any cyber attacks, Vinkel said there have always been “knocks on the door,” but said nothing had interfered with the voting process.
How replicable is Estonia’s online voting system?
Estonia’s online banking, as well as many other services, are based around its national identity card. Without ID cards Ryan doesn’t see any way other countries can achieve universal eligibility verifiability.
It’s worth noting that in 2017, international scientists found a security flaw affecting almost 750,000 Estonian ID cards, enabling hackers to steal a person’s identity (Financial Times, may be behind paywall). The flaw has since been fixed.
There’s also the political battle of getting public and government approval for ID cards. Most of Europe has either compulsory or non-compulsory ID cards. The U.S. and UK have neither.
Steve Schneider, a cyber-security professor at Surrey University, told WikiTribune the debate on online voting is focused on how pencil and paper is “very 19th century,” rather than addressing the actual risks. He said i-voting could be done with other credentials instead, but that using an ID equivalent every five years voters could lose them, creating security issues.
A 2015 report by WebRoots Democracy found i-voting would cut the cost of UK elections by a third and could increase general election turnout by up to 9 million, potentially boosting youth voter turnout to 70 percent.
While global voter turnout has declined by 10 percent over the last 25 years (World Bank report), voter turnout in Estonian parliamentary elections has increased 2.3 percent since online voting was introduced in 2005. However, academics say there’s no evidence supporting a claim that this increase is attributable to the introduction of online voting (academic study; academic study). There also appears to be little evidence it has dramatically increased the youth vote; rather more of those middle aged seem to be voting online instead (academic study).