June 19, 2012 | 12
With the Presidential elections looming up, some have been asking why the United States is not making more of electronic voting. It’s being adopted in many other countries around the world, with India, Brazil, Estonia, Norway and Switzerland as notable examples. However, the United States has several examples in recent years where it has backed out of electronic voting that it had already implemented.
For example, in 2010, a trial system for remote voting over the Internet in Washington DC (known as the “Digital vote by mail”) was shown to be vulnerable, when it was penetrated by a research team from the University of Michigan, demonstrating how a real attack could render any results unsound, without detection. The attack was documented in a recent paper by researchers from the University of Michigan.
So who is right?
First, it’s important to differentiate between the types of e-voting. To some it means using controlled kiosks in polling stations which collect the votes locally. For others it means those kiosks sending the votes to some central collection system. To others, e-voting is about being able to vote remotely, typically over the Internet. In all cases, the key element of e-voting is that the vote is captured and processed electronically. This has several perceived benefits:
Given that we already do online banking and shopping, and even remotely vote for popular TV shows, what’s so different about electing our politicians through electronic voting?
It comes down to two principles which are peculiar to these types of elections:
The key difference between this and, say, online banking rests on the fact that we can check bank statements and retain records of transactions, which lets us catch any errors and unauthorised transactions. We can’t do this for voting systems because of the need for ballot secrecy, so we have to trust the voting system instead. This is like running your bank account without getting statements or receipts, and trusting the bank to keep track of your balance accurately.
The Holy Grail for electronic voting is “verifiability” which provides the highest level of trust by publishing the election data in a way that can be checked independently. Finding a way to do this is a challenge, but some systems have been proposed which make use of cryptography to secure votes while preventing them from being changed, whilst allowing vote processing to be done in an open and verifiable way.
Scantegrity were the first to run a municipal election in this way, at Takoma Park in November 2009 (and again in 2011), which was independently audited and resulted in no serious objections. Similarly, Helios has run several verifiable elections over the Internet, the largest being for the election of the Recteur (Principal) of the Catholic University of Louvain in Belgium.
Another voter-verifiable system is Prêt à Voter, originally proposed by Peter Ryan of the University of Luxembourg, and which is currently being implemented by the University of Surrey. In Prêt à Voter, “verification” comprises publishing each step in the election process, from the point where the vote is first cast right through to the final tally. It’s just like paper based elections where observers can see votes physically placed in the ballot boxes and watch that they are not tampered with throughout the collection and counting process.
Prêt à Voter makes use of cryptographic techniques to preserve the secrecy of the ballot. It secures the information so that it cannot be tampered with, nor can the person who cast the vote claim it wasn’t them that made a specific vote. All of this is done in such a way that voters can track their vote without providing a casual observer with the linkage between individuals and a specific vote. The processing steps come with mathematical proofs that the votes have been processed, decrypted and tallied correctly.
It’s clear that successful e-voting systems work on the principle of “assume voters will trust but allow them to verify if they wish”. As more e-voting is implemented using this this principle it will become something demanded by voters, as it is not just an automated version of the current manual systems, but something that offers truly verifiable democracy. In an era when people are jaded about the political process, that must surely be a good thing.